Site2nite Businesses For Sale Listings SQL Injection

2010-11-03T00:00:00
ID PACKETSTORM:95434
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-11-03T00:00:00

Description

                                        
                                            `Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: Site2nite Businesses For Sale Listings SQL injection  
Version:FSBO  
Price:100$  
Vendor url:http://www.site2nite.com/  
Published: 2010-11-02  
Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX.  
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)  
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com  
Shoutzz:- To all ICW & Inj3ct0r members.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
Description:  
  
List businesses for sale by owner and broker at prices you determine.  
8 pics per listing, advanced Search, detailed listings, full admin control panel.   
After sales support at no charge.   
Code: ASP 3.0 & VBScri  
  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
Vulnerability:  
  
*SQL injection Vulnerability*  
  
DEMO URL :  
  
http://www.site2nite.com/products/business-directory-webdesign/www/detail.asp?ID=[SQLi]  
  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
# 0day n0 m0re #  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
`