[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: ASPKnowledgebase vulnerable to SQL-inject
From: preben () watchcom ! no
Date: 2005-11-08 23:03:58
Message-ID: 20051108230358.23970.qmail () securityfocus ! com
[Download RAW message or body]
ASPKnowledgebase found at:
http://www.asp-programmers.com/download-freeware.asp, does not properly sanitise it's \
admin logon fields. Therefore an SQL-inject will bypass the entire authentication \
process, giving you administrative rights.
PoC of SQL could be 1'or'1'='1 on the admin logon page: /adminlogin.asp
Please credit to: Preben Nyløkken
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic