Name : I-net Enquiry management Script SQL Injection Vulnerability
Date : july 13, 2010
Critical Level : HIGH
Vendor Url : http://www.i-netsolution.com/
Author : D4rk357 D4rk357[at]yahoo][dot]in
special thanks to : b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
greetz to :http://www.garage4hackers.com/forum.php , h4ck3r.in and all ICW members
#####################################################################################
Description :I-Net Enquiry Management This application is boon for people finding difficult
ies in managing their Incoming Enquiries from various sources and their replies to them.
Enquires are the source of Growing business in any areas of life. Be it a small business
or a Big enterprise, effective handling of the generated enquires leads to new business
and New sales. Our Research shows that there is a huge market / need for such application
which can manage the business enquires and handle them effectively. Companies are making
huge losses as their enquires go unattended or not properly responded. Our IEM takes care
of the complete requirement and provides Total solution for such need from any quarter of
business segment. The specifications are as under: The enquiry management system is a web
based application using latest PHP technologies and MYSQL database.
########################################################################
Exploit:SQLi Injection
I-net Enquiry mannagement Script has sql injection vulnerability
DEMO URL :http://<server>/Products/order_management/viewaddedenquiry.php?id=[SQli]
###############################################
#When you really want something the whole uniververse consipres for you to achieve it :Paulo Coelho
#D4rk357