ASP Nuke Sql Injection Vulnerability
Abysssec Research

1) Advisory information

  Title     : ASP Nuke Sql Injection Vulnerability
  Affected  : AspNuke 0.80
  Discovery : www.abysssec.com
  Vendor    :
  Impact    : Critical
  Contact   : shahin [at] abysssec.com , info [at] abysssec.com
  Twitter   : @abysssec

2) Vulnerability Information

  Class
    1- SQL Injection

  Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

  Remotely Exploitable : Yes
  Locally Exploitable  : No

3) Vulnerabilities detail

1- SQL Injection:

Vulnerable Code in .../module/article/article/article.asp:

Ln 37:

    sStat = "SELECT art.ArticleID, art.Title, art.ArticleBody, " &_
            "auth.FirstName, auth.LastName, " &_
            "cat.CategoryName, art.CommentCount, " &_
            "art.Created " &_
            "FROM tblArticle art " &_
            "INNER JOIN tblArticleAuthor auth ON art.AuthorID = auth.AuthorID " &_
            "INNER JOIN tblArticleToCategory atc ON atc.ArticleID = art.ArticleID " &_
            "INNER JOIN tblArticleCategory cat ON atc.CategoryID = cat.CategoryID " &_
            "WHERE art.ArticleID = " & steForm("articleid") & " " &_
            "AND art.Active <> 0 " &_
            "AND art.Archive = 0"

The value of steForm("articleid") is concatenated into the WHERE clause without validation or quoting, so the request parameter becomes part of the SQL statement.

Considering the code, you can browse these URLs:

(the false query will be shown)

With the following URL you can find the first character of the Username:

And the second character:

And so on.

So you gain the Admin's information like this:

  Username : admin
  Password : (sha256 hash)

The Password is hashed with the SHA algorithm using the .../lib/sha256.asp file.
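A hardened form of the query at Ln 37, as an added example that is not part of the original advisory or of AspNuke's code: the articleid value is validated as an integer and passed as a bound parameter instead of being concatenated. Python with sqlite3 stands in for the ASP/ADO stack, and the function names, table definitions and sample rows are constructed for the demonstration.

```python
import sqlite3

# Same statement as article.asp Ln 37, with the concatenated
# steForm("articleid") replaced by a bound parameter (?).
ARTICLE_SQL = """
SELECT art.ArticleID, art.Title, art.ArticleBody,
       auth.FirstName, auth.LastName,
       cat.CategoryName, art.CommentCount, art.Created
FROM tblArticle art
INNER JOIN tblArticleAuthor auth ON art.AuthorID = auth.AuthorID
INNER JOIN tblArticleToCategory atc ON atc.ArticleID = art.ArticleID
INNER JOIN tblArticleCategory cat ON atc.CategoryID = cat.CategoryID
WHERE art.ArticleID = ?
  AND art.Active <> 0
  AND art.Archive = 0
"""

def parse_article_id(raw):
    """Accept only a short run of ASCII digits; return an int or None."""
    if not isinstance(raw, str) or len(raw) > 9 or not (raw.isascii() and raw.isdigit()):
        return None
    return int(raw)

def fetch_article(conn, raw_id):
    """Return the article row, or None for a rejected or unknown id."""
    article_id = parse_article_id(raw_id)
    if article_id is None:
        return None  # rejected before any SQL is executed
    return conn.execute(ARTICLE_SQL, (article_id,)).fetchone()

def make_demo_db():
    """Constructed in-memory schema and rows (not AspNuke's real DDL)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE tblArticleAuthor (AuthorID INTEGER PRIMARY KEY, FirstName TEXT, LastName TEXT);
    CREATE TABLE tblArticleCategory (CategoryID INTEGER PRIMARY KEY, CategoryName TEXT);
    CREATE TABLE tblArticle (ArticleID INTEGER PRIMARY KEY, AuthorID INTEGER, Title TEXT,
        ArticleBody TEXT, CommentCount INTEGER, Created TEXT, Active INTEGER, Archive INTEGER);
    CREATE TABLE tblArticleToCategory (ArticleID INTEGER, CategoryID INTEGER);
    INSERT INTO tblArticleAuthor VALUES (1, 'Ann', 'Example');
    INSERT INTO tblArticleCategory VALUES (1, 'News');
    INSERT INTO tblArticle VALUES (1, 1, 'First', 'Body', 0, '2010-01-01', 1, 0);
    INSERT INTO tblArticle VALUES (2, 1, 'Old', 'Body', 0, '2009-01-01', 1, 1);
    INSERT INTO tblArticleToCategory VALUES (1, 1);
    INSERT INTO tblArticleToCategory VALUES (2, 1);
    """)
    return conn
```

In the ASP code base the same two steps apply: reject any articleid that is not purely numeric, then bind it as an integer parameter rather than appending it to sStat.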