# Author: R4dc0re
# Exploit Title: T-Dreams FAQ Manager SQL Injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: http://t-dreams.com
# Category: WebApp
# Demo Link: http://t-dreams.com/demo/FAQ/faq.asp
# Version: 1.0
# Price: 17.50$
# Contact: R4dc0re@yahoo.fr
# Website: www.1337db.com
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r, Sid3^effects and to rest of the 1337db members
########################################################################################

[Product Detail]
A full, ready-to-use ASP script that lets you manage a FAQ list for your site. It lists FAQ questions and answers by category and includes search capabilities. One important feature is that you can delete a category without deleting its questions and answers. Changes to the script require (only if needed) modifying two files: Header and Footer. You might also need to change the connection string.

[Vulnerability]
SQL Injection:
http://t-dreams.com/demo/FAQ/faqlist.asp?order=[Code]
########################################################################################