[kratuspneuma]

This thecnique is very simple but, a lot of web sites are still opened with this.

It is a vuln than let us to see DB credentials in the source code.

Follow me:

1 - Use a dork like this: "inurl:yoursite+download.asp+pdf+id" to scan your site by the vuln.

2 - Take the result and changes the result with in path file: "id=file.pdf" by this "id=../index.asp", remember, the changes will depends of the technology(ASP.net, ASP, PHP...) envolved on server.

3 - In some seconds you got the index of the ASP site, look in the code and search some like: "Includes/Connect.asp" or similars, down them all

4 - Look at the code and see the server path, database, user and password of them! Simple that!

Ps.: Sorry for my bad english

[Adorapuff]

Instead of a shitty tutorial, explain why the code is vulnerable and what is going on.

[kratuspneuma]

Instead of a shitty tutorial, explain why the code is vulnerable and what is going on.

Man,

Not so much to explain, is so simple but, here we go:

1- The developer left the code open to download others files out of the original scope, in this case "download.asp" is vulnerable

2 - We get the index(or another file) with the paths to others that has the credentials to DB, in this case: Includes/connection.asp

3 - With the DB credentials in your hands, you can search for the management site logon users (to defacers), delete tables to (kiddies), upload a shell and creat a backdoor to use as bot, in my case I have access to a .gov web site of my city for own business..

[kratuspneuma]

Thanks packo,

In next tutorials I promess make them more atractives and explain a little bit more about the vuln.

Cheers!!!

[Dismas]

It is a real shame that some sites are still vulnerable to this sort of thing.

[Taken]

Step 2 got my dick hanging to the fan.

[kratuspneuma]

It is a real shame that some sites are still vulnerable to this sort of thing.

Oni,

Really! So much sites, including governamental sites are opened with this simple vuln.

Cheers.