Pre Studio Business Cards Designer - SQL Injection



EKU-ID: 23872 CVE: OSVDB-76596;CVE-2011-5139 OSVDB-ID:
Author: dr_zig Published: 2011-10-20 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit Title: Pre Studio Business Cards Designer SQL Injection Vulnerability
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author: dr_zig
Date: 20-10-2011
Software Link: http://www.preprojects.com/card.asp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

proof of concept:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://example.com/prestudio/page.php?id=[SQL Injection]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~