exploit-db-mirror/exploits/asp/webapps/14919.txt

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Micronetsoft Rental Property Management Website SQLi
Vulnerability
Vendor url:http://www.micronetsoft.com
Version:1
Price:179$
Published: 2010-09-06
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
M4n0j,NoCare, The_Exploited, SeeMe, gunslinger, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) , 0xr00t.com , members
and my friends :) etc....
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

The Real Estate & Rental Property Website includes a web application that
provide realtors with the ability to add both For Sale & For Rent
properties to the web site using powerful forms that are easy to use and
provides visitors with the ability to browse or search those properties. The
web application's administration tool allows for easy updates of properties
with image upload, category management, listing management, mailing list
management, and much more.
Note: With this website you can display both For Sale and For Rent
properties, or if you do not offer rental properties at this time, you can
disable the rental properties from displaying on the website. The website
demo 09900 displays both For Sale and For Rent properties and the website
demo 09911 displays only For Sale properties.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/detail.asp?ad_ID=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #


--
With R3gards,
L0rd CrusAd3r