Site2nite Vacation Rental (VRBO) Listings SQL Injection

2011.01.04
Credit: r0073r
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title: Site2nite Vacation Rental (VRBO) Listings SQL injection Vulnerability Version:FSBO Price:100$ Vendor url:http://www.site2nite.com/ Published: 2010-11-02 Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX. Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com Shoutzz:- To all ICW & Inj3ct0r members. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. Description: Unlimited Vacation Rental Listings Vacation Rentals are listed with thumbnail picture, location, price, and link to detail, to allow visitors to quickly browse to the rentals they are interested in. Vacation Rental Detail Detailed rental information is displayed to visitors when they click on a rental they are interested in with bigger picture, additional pictures, description, features, additional information, price, location, etc. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. Vulnerability: *SQL injection Vulnerability* DEMO URL : http://www.site2nite.com/products/vacation-rental-webdesign/www/detail.asp?ID=[SQLi] .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. # 0day n0 m0re # .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.

References:

http://xforce.iss.net/xforce/xfdb/62956
http://www.securityfocus.com/bid/44619
http://www.exploit-db.com/exploits/15395
http://secunia.com/advisories/42087
http://packetstormsecurity.org/1011-exploits/site2nitevr-sql.txt
http://osvdb.org/68983


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top