45 lines
No EOL
1.7 KiB
Text
45 lines
No EOL
1.7 KiB
Text
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
|
|
Exploit Title: Micronetsoft RV Dealer Website SQLi Vulnerability
|
|
Vendor url:http://www.micronetsoft.com
|
|
Version:1
|
|
Price:199$
|
|
Published: 2010-09-06
|
|
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
|
|
M4n0j,NoCare, The_Exploited, SeeMe, gunslinger, Th3 RDX.
|
|
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) , 0xr00t.com , members
|
|
and my friends :) etc....
|
|
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
|
|
Shoutzz:- To all ICW & Inj3ct0r members.
|
|
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
|
|
Description:
|
|
|
|
Features:
|
|
|
|
* Provides the ability to add listings to the web site.
|
|
* Ability to add multiple users
|
|
* Post-unlimited listings
|
|
* For Sale listings with link to details page
|
|
* For Rent listings with link to details page
|
|
* Upload Images for listing
|
|
* Upload a Brochure about the listing
|
|
* Listings display the company logo
|
|
* Search the database Vehicle Type, Make, Model, Year, Price Range, and
|
|
Location.
|
|
* Featured Listings
|
|
* Prospective Buyer signup - will receive email on NEW Listings!
|
|
* Submit work order (maintenance issue) with picture, for listings
|
|
* Full database driven web application - Access database
|
|
|
|
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
|
|
|
|
Vulnerability:
|
|
|
|
*SQL Vulnerability
|
|
|
|
DEMO URL:
|
|
|
|
http://www.site.com/detail.asp?ad_ID=1&vehicletypeID=[sqli]
|
|
|
|
|
|
# 0day n0 m0re #
|
|
# L0rd CrusAd3r # |