ASPSiteware Recipe Organizer SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ASPSiteware Recipe Organizer SQL Injection
# Published : 2010-12-04
# Author : R4dc0re
# Previous Title : SOOP Portal 2.0 Remote Upload Shell Vulnerability
# Next Title : HotWebScripts HotWeb Rentals (resorts.asp) SQL injection

# Author: R4dc0re
# Exploit Title: ASPSiteware Recipe Organizer SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: www.aspsiteware.com
# Category:WebApp
#Version:1.0
#Price:50$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members 

Submit Your Exploit at Submit@1337db.com
 
########################################################################################
[Product Detail]

Recipe Organizer is an application that allows you to setup and share your recipes online. 
Great for personal use or as part of a cooking, diet or food related web site. 
Backend by Access database, Recipe Organizer can store thousands of recipes in an unlimited number
of categories.
 
[Vulnerability]

SQL Injection:

http://server/Recipes/type.asp?iType=[Code]
########################################################################################