Micronetsoft RV Dealer Website – SQL Injection

• Exploit Database
• 7 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-09-06
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/14914/

• Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title: Micronetsoft RV Dealer Website SQLi Vulnerability
  Vendor url:http://www.micronetsoft.com
  Version:1
  Price:199$
  Published: 2010-09-06
  GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
  M4n0j,NoCare, The_Exploited, SeeMe, gunslinger, Th3 RDX.
  Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) , 0xr00t.com , members
  and my friends :) etc....
  Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
  Shoutzz:- To all ICW & Inj3ct0r members.
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  Description:
  
  Features:
  
  * Provides the ability to add listings to the web site.
  * Ability to add multiple users
  * Post-unlimited listings
  * For Sale listings with link to details page
  * For Rent listings with link to details page
  * Upload Images for listing
  * Upload a Brochure about the listing
  * Listings display the company logo
  * Search the database Vehicle Type, Make, Model, Year, Price Range, and
  Location.
  * Featured Listings
  * Prospective Buyer signup - will receive email on NEW Listings!
  * Submit work order (maintenance issue) with picture, for listings
  * Full database driven web application - Access database
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  Vulnerability:
  
  *SQL Vulnerability
  
  DEMO URL:
  
  http://www.site.com/detail.asp?ad_ID=1&vehicletypeID=[sqli]
  
  
  # 0day n0 m0re #
  # L0rd CrusAd3r #