T-Dreams Cars Ads Package 2.0 SQL Injection

2010.12.05

Credit: R4dc0re

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Author: R4dc0re
# Exploit Title: T-Dreams Cars Ads Package SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link:http://t-dreams.com
# Category:WebApp
#Demo Link:http://t-dreams.com/demo/jobcareerV3
#Version:2.0
#Price:31$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members
Submit Your Exploit at Submit@1337db.com
########################################################################################
[Product Detail]
. JPhotos Upload to Database
. Up to 3 images per ad
. Car Makers & Car Models Categories
. Secure Members Area
. Member places many ads
. Web Based Administrating Area
. Easy to register Forms
. Information & Users Privacy
. Easy to merge with existing sites
. MS Access Included
. SQL Upgrading is enabled
. Open Source Code
[Vulnerability]
SQL Injection:
http://t-dreams.com/demo/cars/processview.asp?key=[Code]
########################################################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

T-Dreams Cars Ads Package 2.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.