[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    ASPKnowledgebase vulnerable to SQL-inject
From:       preben () watchcom ! no
Date:       2005-11-08 23:03:58
Message-ID: 20051108230358.23970.qmail () securityfocus ! com
[Download RAW message or body]

ASPKnowledgebase found at: 
http://www.asp-programmers.com/download-freeware.asp, does not properly sanitise it's \
admin logon fields. Therefore an SQL-inject will bypass the entire authentication \
process, giving you administrative rights. 

PoC of SQL could be 1'or'1'='1 on the admin logon page: /adminlogin.asp

Please credit to: Preben Nyløkken


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic