ASPSiteware Recipe Organizer SQL injection Vulnerability

vendor:

Recipe Organizer

by:

R4dc0re

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Recipe Organizer

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:aspsiteware:recipe_organizer:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

ASPSiteware Recipe Organizer SQL injection Vulnerability

Recipe Organizer is an application that allows users to setup and share recipes online. It is backed by an Access database and can store thousands of recipes in an unlimited number of categories. The vulnerability exists in the type.asp page, where an attacker can inject malicious code into the iType parameter.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the iType parameter.

Source

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title: ASPSiteware Recipe Organizer SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: www.aspsiteware.com
# Category:WebApp
#Version:1.0
#Price:50$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members 

Submit Your Exploit at Submit@1337db.com
 
########################################################################################
[Product Detail]

Recipe Organizer is an application that allows you to setup and share your recipes online. 
Great for personal use or as part of a cooking, diet or food related web site. 
Backend by Access database, Recipe Organizer can store thousands of recipes in an unlimited number
of categories.
 
[Vulnerability]

SQL Injection:

http://server/Recipes/type.asp?iType=[Code]
########################################################################################