ASPSiteware Contact Directory 1.0 SQL Injection

2010-12-04T00:00:00
ID PACKETSTORM:96367
Type packetstorm
Reporter R4dc0re
Modified 2010-12-04T00:00:00

Description

                                        
                                            `# Author: R4dc0re  
# Exploit Title: ASPSiteware Contact Directory SQL injection Vulnerability  
# Date: 04-12-2010  
# Vendor or Software Link: www.aspsiteware.com  
# Category:WebApp  
#Demo Link:http://www.aspsiteware.com/Directory  
#Version:1.0  
#Price:40$  
#Contact: R4dc0re@yahoo.fr  
#Website: www.1337db.com  
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members   
  
Submit Your Exploit at Submit@1337db.com  
  
########################################################################################  
[Product Detail]  
  
Contact Directory is an application that allows you to set up and share contacts online.  
Great for a club or organization web site or for personal use.  
Backend by Access database, Contact Directory can store thousands of names and contact information  
in alphabetical categories.  
  
[Vulnerability]  
  
SQL Injection:  
http://www.aspsiteware.com/Directory/type.asp?iType=[Code]  
########################################################################################  
  
`