27 lines
No EOL
1.1 KiB
Text
27 lines
No EOL
1.1 KiB
Text
# Author: R4dc0re
|
|
# Exploit Title: HotWebScripts HotWeb Rentals SQL injection Vulnerability
|
|
# Date: 05-12-2010
|
|
# Vendor or Software Link: http://www.hotwebscripts.co.uk/
|
|
# Category:WebApp
|
|
# Price: £150
|
|
# Contact: R4dc0re@yahoo.fr
|
|
# Website: www.1337db.com
|
|
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members
|
|
|
|
Submit Your Exploit at Submit@1337db.com
|
|
|
|
########################################################################################
|
|
[Product Detail]
|
|
|
|
DotWeb Rentals is a simple to operate, ASP/Access database application that can be used
|
|
to list property owner's homes for rent. Owners post their home, along with up to 6 images
|
|
and a comprehensive list of details. The application is best suited to small to medium
|
|
property rental sites and in particular, to holiday rentals such as Spanish property or
|
|
Polaris World type property rentals.
|
|
|
|
[Vulnerability]
|
|
|
|
SQL Injection:
|
|
|
|
http://server/resorts.asp?PropResort=[code]
|
|
######################################################################################## |