Site2nite Vacation Rental (VRBO) Listings SQL Injection

2010-11-03T00:00:00
ID PACKETSTORM:95438
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-11-03T00:00:00

Description

                                        
                                            `Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: Site2nite Vacation Rental (VRBO) Listings SQL injection Vulnerability  
Version:FSBO  
Price:100$  
Vendor url:http://www.site2nite.com/  
Published: 2010-11-02  
Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX.  
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)  
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com  
Shoutzz:- To all ICW & Inj3ct0r members.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
Description:  
  
Unlimited Vacation Rental Listings  
Vacation Rentals are listed with thumbnail picture, location, price, and link to detail,  
to allow visitors to quickly browse to the rentals they are interested in.  
  
Vacation Rental Detail  
Detailed rental information is displayed to visitors when they click on a rental they are interested in with bigger picture,   
additional pictures, description, features, additional information, price, location, etc.  
  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
Vulnerability:  
  
*SQL injection Vulnerability*  
  
DEMO URL :  
  
http://www.site2nite.com/products/vacation-rental-webdesign/www/detail.asp?ID=[SQLi]  
  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
# 0day n0 m0re #  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.  
`