Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
[Help] Patch SQL injection
Posted by: thejack
Date: June 16, 2011 05:10AM

here script thats vuln: ( var id= )
...
<%
id=cekal(trim(request.querystring("id")))

tp=cekal(trim(request.querystring("tp")))
if tp<>"" then
%>

<%
end if
set conn=server.createobject("adodb.connection")
conn.open dbcon
set rst = server.createobject("ADODB.recordset")
rst.open "select * from news where id=" & id,conn,1,2
...
set rst = server.createobject("ADODB.recordset")
rst.open sqllain,conn,1,2
if not rst.eof then
	do
	idsbl=trim(rst("id"))
	subjudulsbl=trim(rst("subjudul"))
	judulsbl=trim(rst("judul"))
	tanggalsbl=trim(rst("tanggal"))
	jenissbl=trim(rst("jenis"))
		%>
                                        <tr> 
                                          <td width="1" valign="top"><span class="style1">&#149;</span></td>
                                          <td> 
                                            <div class=news-date><%=rubahtglx(tanggalsbl)%></div>
                                            <%
						  if subjudulsbl<>"" then
						  %>
                                            <span class=news><%=subjudulsbl%></span> 
                                            <br>
                                            <% end if %>
											<% if jenissbl="Pemilu 2009" then %>
		<b><a href="pemilu/read.htm?id=<%=idsbl%>" class=news target="_blank"><%=judulsbl%></a></b>
		<% elseif jenissbl="Olah Raga" then %>
		<b><a href="readjadwal.htm?id=<%=idsbl%>" class=news><%=judulsbl%></a></b>
		<% elseif jenissbl="Piala Dunia" then %>
		<b><a href="bola2010/read.htm?id=<%=idsbl%>" class=news target="_blank"><%=judulsbl%></a></b>
		<% elseif jenissbl="Fokus Piala Dunia" then %>
		<b><a href="bola2010/read.htm?id=<%=idsbl%>" class=news target="_blank"><%=judulsbl%></a></b>
		<% else %>
        <b><a href="readnews.htm?id=<%=idsbl%>" class=news><%=judulsbl%></a></b>
<%  end if %>
	<br>
                                            <br>                                          </td>
                                        </tr>
                                        <%	
	rst.movenext
	loop while not rst.eof	
end if
rst.close
set rst=nothing
...

please help for patch this script..
thanks before

added code taqs - id



Edited 1 time(s). Last edit at 06/21/2011 11:50AM by sla_admin.

Options: ReplyQuote
Re: [Help] Patch SQL injection
Posted by: peann
Date: June 18, 2011 03:03PM

paste it to pastebin.com so it's easier to read please

Options: ReplyQuote
Re: [Help] Patch SQL injection
Posted by: thejack
Date: June 23, 2011 12:26AM

OK
First thanks for your respond
second this i share the link
http://pastebin.com/bquLFi8T

Options: ReplyQuote


Sorry, only registered users may post in this forum.