Test method:
The program (method) provided on this site may be offensive and is to be used only for security research and teaching. Use at your own risk!
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: BDSMIS TraX with Payroll SQL Vulnerable
Code: ASP 3.0 & VBScript
Vendor url: http://bdsmis.com
Version: 4.2
Price: 89 $
Published: 2010-06-1
Greetz to: Sid3 ^ effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and
All ICW members.
Spl Greetz to: inj3ct0r.com Team
################################################################################
Description:
Manage payroll and track leave/sickness-absence/travel. Manage all forms
of out-of-office events. Integrated time keeping systems/payroll
systems. Weeks/Month/Year interface.
################################################################################
Vulnerability:
* SQLi Vulnerability
Demo url:
http://[site]/content.asp?CatId=[sqli]
# 0day n0 m0re #
# L0rd CrusAd3r #
--
With R3gards,
L0rd CrusAd3r
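
Added example (not part of the original advisory): a log check that flags requests to content.asp whose CatId value is not a plain integer, for reviewing exposure of an affected install. It assumes CatId is a numeric category id and that the server writes IIS W3C extended logs; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C extended log sample (not taken from the advisory).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-06-02 10:00:01 192.0.2.10 GET /content.asp CatId=12 200
2010-06-02 10:00:05 192.0.2.11 GET /content.asp catid=12%27 500
2010-06-02 10:00:09 192.0.2.11 GET /Content.asp page=2&CatId=abc 500
2010-06-02 10:00:12 192.0.2.12 GET /default.asp CatId=x 200
2010-06-02 10:00:15 192.0.2.13 GET /content.asp CatId=7&CatId=7%20-- 200
"""

# Assumption: a legitimate CatId is a short ASCII integer.
INTEGER = re.compile(r"[0-9]{1,9}")


def suspicious_catid_requests(log_text, stem="/content.asp", param="catid"):
    """Return (client_ip, raw_query, status) for requests whose CatId is not an integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths and ASP parameter names are case-insensitive.
        if row.get("cs-uri-stem", "").lower() != stem:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # parse_qsl URL-decodes values; blank values are kept so "CatId=" is checked too.
        values = [v for k, v in parse_qsl(query, keep_blank_values=True)
                  if k.lower() == param]
        # Every occurrence must be an integer, so duplicated parameters are covered.
        if any(not INTEGER.fullmatch(v) for v in values):
            hits.append((row.get("c-ip"), query, row.get("sc-status")))
    return hits


if __name__ == "__main__":
    for ip, query, status in suspicious_catid_requests(SAMPLE_LOG):
        print(f"{ip}  status={status}  query={query}")
```

The same integer-only rule is what the application should enforce on CatId before the value reaches a database query, alongside parameterized queries.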