Pre Studio Business Cards Designer - SQL Injection

EDB-ID:

18009

Author:

dr_zig

Type:

webapps

Platform:

ASP

Published:

2011-10-20

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit Title: Pre Studio Business Cards Designer SQL Injection Vulnerability
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author: dr_zig
Date: 20-10-2011
Software Link: http://www.preprojects.com/card.asp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

proof of concept:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://example.com/prestudio/page.php?id=[SQL Injection]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~