T-Dreams FAQ Manager version 1.0 suffers from a remote SQL injection vulnerability.
58915d5b378687b02abe228483988ddaa6bc4a200507b62a72c0d33188a286d5
# Author: R4dc0re
# Exploit Title: T-Dreams FAQ Manager SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: http://t-dreams.com
# Category: WebApp
# Demo Link: http://t-dreams.com/demo/FAQ/faq.asp
# Version: 1.0
# Price: 17.50$
# Contact: R4dc0re@yahoo.fr
# Website: www.1337db.com
# Greetings to: R0073r (1337db.com), L0rd CrusAd3r, Sid3^effects and to the rest of the 1337db members
Submit Your Exploit at Submit@1337db.com
########################################################################################
[Product Detail]
A full and ready-to-use ASP script that enables you to manage a FAQ list for your site.
It lists FAQ questions and answers by category, with search capabilities.
One important feature is that you can delete a category without deleting its questions and answers.
Changes in the script require (only if needed) modifying two files: Header and Footer.
Of course you might need to change the connection string.
[Vulnerability]
SQL Injection:
http://t-dreams.com/demo/FAQ/faqlist.asp?order=[Code]
########################################################################################
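[Mitigation example]
The following is an added example, not part of the original advisory and not the vendor's code. It assumes the `order` parameter of faqlist.asp selects the sort column of the FAQ listing. The table and column names are hypothetical, and Python with SQLite stands in for the ASP script and its database. A sort column cannot be bound as a query parameter, so the request value is mapped through a fixed allowlist.

```python
import sqlite3

# Hypothetical schema: the advisory does not show the real table or columns.
ALLOWED_ORDER = {"id": "id", "category": "category", "question": "question"}
DEFAULT_ORDER = "id"
BASE_QUERY = "SELECT id, category, question FROM faq ORDER BY "


def build_query_unsafe(order):
    """The injectable pattern: the request value is concatenated as-is."""
    return BASE_QUERY + order


def build_query_safe(order):
    """Map the request value to a fixed identifier, else use the default.

    Only strings taken from ALLOWED_ORDER ever reach the SQL text, so the
    caller's input selects a column but never becomes part of the query.
    """
    key = (order or "").strip().lower()
    return BASE_QUERY + ALLOWED_ORDER.get(key, DEFAULT_ORDER)


def list_faq(conn, order):
    """Return FAQ rows sorted by the validated column."""
    return conn.execute(build_query_safe(order)).fetchall()


def make_demo_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE faq (id INTEGER PRIMARY KEY, category TEXT, question TEXT)"
    )
    conn.executemany("INSERT INTO faq VALUES (?, ?, ?)", [
        (1, "billing", "How do I pay?"),
        (2, "account", "Can I change my email?"),
        (3, "account", "Am I able to delete my profile?"),
    ])
    return conn


if __name__ == "__main__":
    tainted = "question, extra_sql_fragment"  # constructed, not allowlisted
    print(build_query_unsafe(tainted))  # fragment reaches the SQL text
    print(build_query_safe(tainted))    # falls back to ORDER BY id
    print(list_faq(make_demo_db(), "question"))
```

The same allowlist approach applies to a sort direction value if the script accepts one: accept only ASC or DESC and emit a fixed keyword.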