BDSMIS TraX with Payroll SQL Injection Vulnerabili

Test method:

The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: BDSMIS TraX with Payroll SQL Vulnerable
Code: ASP 3.0 & VBScript
Vendor url: http://bdsmis.com
Version: 4.2
Price: 89 $
Published: 2010-06-1
Greetz to: Sid3 ^ effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and
All ICW members.
Spl Greetz to: inj3ct0r.com Team
 
######################################## ######################################## ######################################## ######################################## #####################################
 
Description:
 
Manage Payroll and track leave/sickness-absence/travel. Manage all forms
Out of office events. Integrated time keeping systems/payroll
Systems. Weeks/Month/Year Interface.
 
 
######################################## ######################################## ######################################## ######################################## #######################################
 
Vulnerability:
 
* SQLi Vulnerability
 
Demo url:
 
Asp? CatId = [sqli "> http: // [site]/content. asp? CatId = [sqli]
 
# 0day n0 m0re #
# L0rd CrusAd3r #
 
 
--
With R3gards,
L0rd CrusAd3r