[webapps / 0day] - ASPSiteware Gallery SQL Injection Vulnera
Posted on 04 December 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>ASPSiteware Gallery SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='ASPSiteware Gallery SQL Injection Vulnerability by R4dc0re in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>=============================================== ASPSiteware Gallery SQL Injection Vulnerability =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 _ __ __ ________ __ __ 3 7 /' /'__` /'__` /\_____ / / 7 1 /\_, /\_L /\_L \/___//'/' \_ \____ 1 3 /_/ /_/_\_<_/_/_\_<_ /' /' /'_` '__` 3 3 / L / L /' /' / L L 3 7 \_ \____/ \____//\_/ \___,_ \_,__/ 7 1 /_//___/ /___/ // /__,_ //___/ 1 3 >> Exploit database separated by exploit 3 3 type (local, remote, DoS, etc.) 3 7 7 1 [+] Site : 1337db.com 1 3 [+] Support e-mail : submit[at]1337db.com 3 3 3 7 ########################################## 7 1 I'm R4dc0re 1337 Member from 1337 DataBase 1 3 ########################################## 3 3 3 7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7 # Author: R4dc0re # Exploit Title: ASPSiteware Gallery SQL injection Vulnerability # Date: 04-12-2010 # Vendor or Software Link: www.aspsiteware.com # Category:WebApp #Demo Link:http://www.aspsiteware.com/Gallery/ #Version:1.0 #Price:50$ #Contact: R4dc0re@yahoo.fr #Website: www.1337db.com #Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members Submit Your Exploit at Submit@1337db.com ################################################################### [Product Detail] ASP Gallery is a web based image gallery application. Backend by Access database, ASP Gallery can store thousands of images in categories. Each image is displayed with name and description. You can customize ASP Gallery for the look and feel of your website. ASP Gallery is an excellent add-on application for your web site. It is designed to be a complete ready-to-use image listing.You just add your images. Start posting your images online and attracting more customers to your site by using this application. [Vulnerability] SQL Injection: http://www.aspsiteware.com/Gallery/type.asp?iType=[Code] ################################################################### # <a href='http://1337db.com/'>1337db.com</a> [2010-12-04]</pre></body></html>
