header-logo
Suggest Exploit
vendor:
Vacation Rental (VRBO) Listings
by:
L0rd CrusAd3r
7,5
CVSS
HIGH
SQL injection
89
CWE
Product Name: Vacation Rental (VRBO) Listings
Affected Version From: FSBO
Affected Version To: FSBO
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Site2nite Vacation Rental (VRBO) Listings SQL injection Vulnerability

Unlimited Vacation Rental Listings Vacation Rentals are listed with thumbnail picture, location, price, and link to detail, to allow visitors to quickly browse to the rentals they are interested in. Detailed rental information is displayed to visitors when they click on a rental they are interested in with bigger picture, additional pictures, description, features, additional information, price, location, etc.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Site2nite Vacation Rental (VRBO) Listings SQL injection Vulnerability
Version:FSBO
Price:100$
Vendor url:http://www.site2nite.com/
Published: 2010-11-02
Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Description:

Unlimited Vacation Rental Listings
Vacation Rentals are listed with thumbnail picture, location, price, and link to detail,
?to allow visitors to quickly browse to the rentals they are interested in.

Vacation Rental Detail
Detailed rental information is displayed to visitors when they click on a rental they are interested in with bigger picture,
additional pictures, description, features, additional information, price, location, etc.
?
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Vulnerability:

*SQL injection Vulnerability*

DEMO URL :

http://server/detail.asp?ID=[SQLi]

.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
# 0day n0 m0re #
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.


-- 
With R3gards,
L0rd CrusAd3r

Navigation

Suggest Exploit

Services By CQR