Hmm.. Ini Vuln ASP Nuke Yang Kemungkinan Bisa Kita Pelajari...
Cekidot aja deh :
Description :
1)- SQl Injection
This version of ASP Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Valnerable Code in .../module/article/article/article.asp:
Ln 37:
sStat = "SELECT art.ArticleID, art.Title, art.ArticleBody, " &_
" auth.FirstName, auth.LastName, " &_
" cat.CategoryName, art.CommentCount, " &_
" art.Created " &_
"FROM tblArticle art " &_
"INNER JOIN tblArticleAuthor auth ON art.AuthorID = auth.AuthorID " &_
"INNER JOIN tblArticleToCategory atc ON atc.ArticleID = art.ArticleID " &_
"INNER JOIN tblArticleCategory cat ON atc.CategoryID = cat.CategoryID " &_
"WHERE art.ArticleID = " & steForm("articleid") & " " &_
"AND art.Active <> 0 " &_
"AND art.Archive = 0"
Considering to the code, you can browse these URLs:
[You must be registered and logged in to see this link.] (the false Query will be shown)
[You must be registered and logged in to see this link.] (this Query is always true)
with the following URL you can find the first character of Username:
[You must be registered and logged in to see this link.]and second character:
[You must be registered and logged in to see this link.]and so on.
So you gain Admin's information like this:
Username : admin
Password : (sha256 hash)
Discovery :
[You must be registered and logged in to see this link.]Vendor :
[You must be registered and logged in to see this link.]Sumber:
[You must be registered and logged in to see this link.]Selamat Mencoba Buat Ngembangin Ilmu kita...hehe