Pre Studio Business Cards Designer SQL Injection

2011-10-20T00:00:00
ID EDB-ID:18009
Type exploitdb
Reporter dr_zig
Modified 2011-10-20T00:00:00

Description

Pre Studio Business Cards Designer SQL Injection. CVE-2011-5139. Webapps exploit for asp platform

                                        
                                            =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit Title: Pre Studio Business Cards Designer SQL Injection Vulnerability
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author: dr_zig
Date: 20-10-2011
Software Link: http://www.preprojects.com/card.asp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

proof of concept:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://example.com/prestudio/page.php?id=[SQL Injection]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~