Micronetsoft Rental Property Management Website SQL Injection

2010-09-08T00:00:00
ID PACKETSTORM:93575
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-09-08T00:00:00

Description

                                        
                                            `Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title:Micronetsoft Rental Property Management Website SQLi  
Vulnerability  
Vendor url:http://www.micronetsoft.com  
Version:1  
Price:179$  
Published: 2010-09-06  
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,  
M4n0j,NoCare, The_Exploited, SeeMe, gunslinger, Th3 RDX.  
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) , 0xr00t.com , members  
and my friends :) etc....  
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com  
Shoutzz:- To all ICW & Inj3ct0r members.  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
Description:  
  
The Real Estate & Rental Property Website includes a web application that  
provide realtors with the ability to add both For Sale & For Rent  
properties to the web site using powerful forms that are easy to use and  
provides visitors with the ability to browse or search those properties. The  
web application's administration tool allows for easy updates of properties  
with image upload, category management, listing management, mailing list  
management, and much more.  
Note: With this website you can display both For Sale and For Rent  
properties, or if you do not offer rental properties at this time, you can  
disable the rental properties from displaying on the website. The website  
demo 09900 displays both For Sale and For Rent properties and the website  
demo 09911 displays only For Sale properties.  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
  
Vulnerability:  
  
*SQL Vulnerability  
  
DEMO URL:  
  
http://server/detail.asp?ad_ID=[sqli]  
  
  
# 0day n0 m0re #  
# L0rd CrusAd3r #  
  
  
--   
With R3gards,  
L0rd CrusAd3r  
  
`