Micronetsoft Rental Property Management Website SQLi

vendor:

Rental Property Management Website

by:

L0rd CrusAd3r aka VSN

6,5

CVSS

MEDIUM

SQL Vulnerability

CWE

Product Name: Rental Property Management Website

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Micronetsoft Rental Property Management Website SQLi

The Real Estate & Rental Property Website includes a web application that provide realtors with the ability to add both For Sale & For Rent properties to the web site using powerful forms that are easy to use and provides visitors with the ability to browse or search those properties. The web application's administration tool allows for easy updates of properties with image upload, category management, listing management, mailing list management, and much more. The vulnerability is demonstrated by the demo URL http://server/detail.asp?ad_ID=[sqli].

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Micronetsoft Rental Property Management Website SQLi
Vulnerability
Vendor url:http://www.micronetsoft.com
Version:1
Price:179$
Published: 2010-09-06
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
M4n0j,NoCare, The_Exploited, SeeMe, gunslinger, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) , 0xr00t.com , members
and my friends :) etc....
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

The Real Estate & Rental Property Website includes a web application that
provide realtors with the ability to add both For Sale & For Rent
properties to the web site using powerful forms that are easy to use and
provides visitors with the ability to browse or search those properties. The
web application's administration tool allows for easy updates of properties
with image upload, category management, listing management, mailing list
management, and much more.
Note: With this website you can display both For Sale and For Rent
properties, or if you do not offer rental properties at this time, you can
disable the rental properties from displaying on the website. The website
demo 09900 displays both For Sale and For Rent properties and the website
demo 09911 displays only For Sale properties.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/detail.asp?ad_ID=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r