Virtual Real Estate Manager 3.5 - SQL Injection

EDB-ID:

13789




Platform:

ASP

Date:

2010-06-09


       ======================================================
        Virtual Real Estate Manager V 3.5 SQLi  Vulnerability
       ======================================================

Name : Virtual Real Estate Manager V 3.5 SQLi Vulnerability
Date : june, 9 2010
Vendor url :http://www.mckenziecreations.net/products.htm
Platform: Windows
Price:$39.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members.

###############################################################################################################
Description:

Looking for a Real Estate Listing script? Our Virtual Real Estate Manager was developed in ASP ( Active Server Pages ) and an Access database. End User Features : » Search by Area and type of property » Listings Page includes thumbnail of the property, Short Description, city, date added and price. » Details Page includes - 4 thumbnails that open in a new window with larger view. Heading, Description of the property, Details of the property, email to a friend and request more info. Admin Features : » Add, Edit and Delete Properties - upload images » Add, Edit and Delete Categories » Add, Edit and Delete Area » Change Password VRM : Is delivered via a ZIP file. You receive this exact template with the application. Easy to customize with knowledge of html or one of the following: Design Requirements : Front page - Recommended * Macromedia Dreamweaver Configuration Requirements: Notepad WordPad 

###############################################################################################################

Xploit: SQLi Vulnerability

DEMO  URL:

       http://site.net/VRMdemo/listing_detail.asp?Lid=[SQLi]


###############################################################################################################
# 0day no more 
# Sid3^effects