MOTIONBORG Web Real Estate Admin_Check_User.ASP SQL Injection Vulnerability

Bugtraq ID:	21963
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 09 2007 12:00AM
Updated:	Jan 25 2007 04:24PM
Credit:	ajann is credited with the discovery of this vulnerability.
Vulnerable:	MOTIONBORG Web Real Estate 2.1
Not Vulnerable:

MOTIONBORG Web Real Estate Admin_Check_User.ASP SQL Injection Vulnerability

MOTIONBORG Web Real Estate is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects version 2.1 and prior.

MOTIONBORG Web Real Estate Admin_Check_User.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following example URI demonstrates this issue:

http://www.example.com=/admin_check_user.asp (POST Method) [SQL]

MOTIONBORG Web Real Estate Admin_Check_User.ASP SQL Injection Vulnerability

Solution:
The vendor has released a fix to resolve this issue; please contact the vendor for information on obtaining an upgrade.

MOTIONBORG Web Real Estate Admin_Check_User.ASP SQL Injection Vulnerability

References:

• MOTIONBORG Web Real Estate Homepage (MOTIONBORG)