27 lines
No EOL
1.7 KiB
Text
27 lines
No EOL
1.7 KiB
Text
Name : I-net Enquiry management Script SQL Injection Vulnerability
|
|
Date : july 13, 2010
|
|
Critical Level : HIGH
|
|
Vendor Url : http://www.i-netsolution.com/
|
|
Author : D4rk357 D4rk357[at]yahoo][dot]in
|
|
special thanks to : b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
|
|
greetz to :http://www.garage4hackers.com/forum.php , h4ck3r.in and all ICW members
|
|
#####################################################################################
|
|
Description :I-Net Enquiry Management This application is boon for people finding difficult
|
|
ies in managing their Incoming Enquiries from various sources and their replies to them.
|
|
Enquires are the source of Growing business in any areas of life. Be it a small business
|
|
or a Big enterprise, effective handling of the generated enquires leads to new business
|
|
and New sales. Our Research shows that there is a huge market / need for such application
|
|
which can manage the business enquires and handle them effectively. Companies are making
|
|
huge losses as their enquires go unattended or not properly responded. Our IEM takes care
|
|
of the complete requirement and provides Total solution for such need from any quarter of
|
|
business segment. The specifications are as under: The enquiry management system is a web
|
|
based application using latest PHP technologies and MYSQL database.
|
|
########################################################################
|
|
Exploit:SQLi Injection
|
|
I-net Enquiry mannagement Script has sql injection vulnerability
|
|
|
|
DEMO URL :http://<server>/Products/order_management/viewaddedenquiry.php?id=[SQli]
|
|
|
|
###############################################
|
|
#When you really want something the whole uniververse consipres for you to achieve it :Paulo Coelho
|
|
#D4rk357 |