BPHolidayLettings 1.0 - Blind SQL Injection

EDB-ID:

9841

Author:

OoN Boy

Type:

webapps

Platform:

ASP

Published:

2009-09-22

[x]========================================================================================================================================[x]
 |                                                      AntiSecurity[dot]org                                                                |
[x]========================================================================================================================================[x]
 | Title    : BPHolidayLettings SQL Blind Vulnerabilities                                                                                   | 
 | Software : BPHolidayLettings                                                                                                             |
 | Vendor   : http://bpowerhouse.info                                                                                                       |
 | Date     : 22 September 2009 ( Indonesia )                                                                                               |
 | Author   : OoN_Boy                                                                                                                       |
 | Contact  : oon.boy9@gmail.com                                                                                                            |
 | Web		: http://oonboy.info                                                                                                            |
 | Blog     : http://oonboy.blogspot.com                                                                                                    |
[x]========================================================================================================================================[x]
 | Technology	: ASP.NET 2.0                                                                                                               |
 | Database		: MSSQL 2005                                                                                                                |
 | Version		: 1.0                                                                                                                       |
 | License		: GNU GPL                                                                                                                   |
 | Price		: $28.50                                                                                                                    |
 | Description	:BPHolidayLettings Holiday Lettings Site Script where site users can search holiday lettings all over the world, check      |
 |				 availability and contact property owners. Owners can register and advertise properties for rent, mark available days,      |
 |				 upload pictures and receive bookings                                                                                       |
[x]========================================================================================================================================[x]
 | Google Dork : cari sendiri yah :)                                                                                                        |
[x]========================================================================================================================================[x]
 | Exploit 	: http://localhost.com/search.aspx?rid=[sql]                                                                                    |
			: http://localhost.com/search.aspx?tid=[sql]                                                                                    |
[x]========================================================================================================================================[x]
 | Greetz	: antisecurity.org batamhacker.or.id                                                                                            |
 |			  Vrs-hCk NoGe Paman zxvf Angela Zhang aJe H312Y yooogy mousekill }^-^{ martfella noname s4va                                   |
 | 			  k1tk4t str0ke kaka11 ^s0n g0ku^ Joe Chawanua Ntc xx_user s3t4n IrcMafia em|nem Pandoe Ronny rere                              |
[x]========================================================================================================================================[x]
 | Note		: Selamat hariraya idul fitri mohon maaf lahir dan batin, maafin kesalahan ku selama ini yah all :)								|
 |			  kabur.... untuk sementara waktu.... bye bye.....																				|
[x]========================================================================================================================================[x]