T-Dreams Cars Ads Package 2.0 - SQL Injection

Author: R4dc0re
type: webapps
platform: asp
port: 
date_added: 2010-12-04 
date_updated: 2010-12-04 
verified: 1 
codes: OSVDB-69635;CVE-2010-4829 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Author: R4dc0re
# Exploit Title: T-Dreams Cars Ads Package SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link:http://t-dreams.com
# Category:WebApp
#Version:2.0
#Price:31$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members

Submit Your Exploit at Submit@1337db.com

########################################################################################
[Product Detail]

. JPhotos Upload to Database

. Up to 3 images per ad

. Car Makers & Car Models Categories

. Secure Members Area

. Member places many ads

. Web Based Administrating Area

. Easy to register Forms

. Information & Users Privacy

. Easy to merge with existing sites

. MS Access Included

. SQL Upgrading is enabled

. Open Source Code

[Vulnerability]

SQL Injection:

http://server/processview.asp?key=[Code]
########################################################################################