T-Dreams Cars Ads Package 2.0 SQL Injection

2010-12-04 09:16:35

# Author: R4dc0re
# Exploit Title: T-Dreams Cars Ads Package SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link:http://t-dreams.com
# Category:WebApp
#Version:2.0
#Price:31$
#Contact: [email protected]
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members

Submit Your Exploit at [email protected]

########################################################################################
[Product Detail]

. JPhotos Upload to Database

. Up to 3 images per ad

. Car Makers & Car Models Categories

. Secure Members Area

. Member places many ads

. Web Based Administrating Area

. Easy to register Forms

. Information & Users Privacy

. Easy to merge with existing sites

. MS Access Included

. SQL Upgrading is enabled

. Open Source Code

[Vulnerability]

SQL Injection:

http://server/processview.asp?key=[Code]
########################################################################################

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.