<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>20/20 Auto Gallery SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================
20/20 Auto Gallery SQL Injection Vulnerability
==============================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /’ __ /’__` / __ /’__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /’ _ ` / /_/__&lt;_ /’___ / /`’__ 0
0 / / / / __/ _ _ / 1
1 _ _ __ ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1 ____/ &gt;&gt; Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ################################### 1
0 I’m SONiC member from Inj3ct0r Team 1
1 ################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : 20/20 Auto Gallery –SQL iNjection Vulnerability
Date : july 7,2010
Critical Level :VERY HIGH
vendor URL : http://www.2020applications.com

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ &lt;sonicdefence[at]gmail.com&gt;

Special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

Greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

Special Shoutz :? H***** [my Girl Frnd] [Elite .NET Programmer]

#######################################################################################################
Description:

20/20 Auto Gallery is ideal for automotive organizations. Our customers use it for car and truck dealerships, boats and marine vehicle dealerships, rental fleets, motorcycles sales, collector’s clubs, and heavy equipment. Put your web site miles ahead of your competitors!

#######################################################################################################
Xploit :SQL iNjectioN? Vulnerabilty

DEMO URL? http://www.2020autogallery.com/2020applications/vehiclelistings.asp?agentID=2 [SQLi]

###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco
# profile http://inj3ct0r.com/author/2545

# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-07]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13221