Site2nite Boat Classifieds SQL Injection

2010-11-03T00:00:00
ID PACKETSTORM:95435
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-11-03T00:00:00

Description

                                        
                                            `Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: Site2nite Boat Classifieds SQL injection Vulnerability  
Version:FSBO  
Price:100$  
Vendor url:http://www.site2nite.com/  
Published: 2010-11-02  
Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX.  
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)  
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com  
Shoutzz:- To all ICW & Inj3ct0r members.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
Description:  
  
Unlimited Boat Listings  
Boats are listed with thumbnail picture, location, price, and link to detail,   
to allow visitors to quickly browse to the listings they are interested in.  
  
Boat Detail  
Detailed information is displayed to visitors when they click on a Boat they are interested in with bigger picture,   
additional pictures, description, features, additional information, price, address, etc.  
  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
Vulnerability:  
  
*SQL injection Vulnerability*  
  
DEMO URL :  
  
http://www.site2nite.com/products/boat-webdesign/www/detail.asp?ID=[SQLi]  
  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
# 0day n0 m0re #  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
`