I-net Enquiry Management Script SQL Injection Vulnerability :

Date : 2010-07-13 Author : D4rk357
Name : I-net Enquiry management  Script SQL Injection Vulnerability
Date : july 13, 2010
Critical Level     : HIGH
Vendor Url : http://www.i-netsolution.com/
Author : D4rk357 D4rk357[at]yahoo][dot]in
special thanks to : b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
greetz to :http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
#####################################################################################
Description :I-Net Enquiry Management This application is boon for people finding difficult
ies in managing their Incoming Enquiries from various sources and their replies to them.
 Enquires are the source of Growing business in any areas of life. Be it a small business
or a Big enterprise, effective handling of the generated enquires leads to new business 
and New sales. Our Research shows that there is a huge market / need for such application 
which can manage the business enquires and handle them effectively. Companies are making 
huge losses as their enquires go unattended or not properly responded. Our IEM takes care 
of the complete requirement and provides Total solution for such need from any quarter of 
business segment. The specifications are as under: The enquiry management system is a web 
based application using latest PHP technologies and MYSQL database.  
########################################################################
Exploit:SQLi Injection
 I-net Enquiry mannagement  Script has sql injection vulnerability 

DEMO URL :http://<server>/Products/order_management/viewaddedenquiry.php?id=[SQli]

###############################################
#When you really want something the whole uniververse consipres for you to achieve it :Paulo Coelho
#D4rk357

C1

 

C2

 

C3