Regarding: AdMentor v2.11 and earlier
Homepage: http://www.aspcode.net

AdMentor allows any user to log in as admin. The base path of the login page is usually:

    http://www.someserver.com/admentor/admin/admin.asp

By using

    Login:    ' or ''='
    Password: ' or ''='

we create a legal query, because the input gets appended as:

    SELECT row FROM table WHERE login = '' or ''=''

The comparison ''='' is always true, so the check no longer depends on the stored login. The same goes for the password. This allows us to log in without any trouble as the main admin.

The vendor has been warned of the bug, but has not released a patch yet.

Temporary solution: filter out the bad chars ' " ~ \ / by using the following piece of JavaScript:

    // Remove < > " ' % ; ( ) & + - from the input.
    function RemoveBad(strTemp) {
        strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g, "");
        return strTemp;
    }

And calling it from within the ASP script:

    // Request.QueryString returns a collection object, so convert it to a string first.
    var login = RemoveBad(String(Request.QueryString("login")));
    var password = RemoveBad(String(Request.QueryString("password")));

I am not sure about the correct vars set in the form, you might want to tweak it just a bit. Haven't drunk my coffee yet :)

Credits: Bug found by thran, thran60@hotmail.com
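A regression check for the temporary fix, added here as an example and not taken from the advisory or from AdMentor's code: it verifies that a submitted value stays inside its quoted literal instead of changing the query structure, and whether the stored comparison still sees what the user typed. The two-field query shape and the helpers `buildLoginQuery`, `escapeQuotes`, `scan` and `check` are assumptions made for illustration.

```javascript
// Added example, not AdMentor's code. The two-field query shape and all
// helper names other than RemoveBad are assumptions made for illustration.
function buildLoginQuery(login, password) {
  return "SELECT row FROM table WHERE login = '" + login +
         "' AND password = '" + password + "'";
}

// The advisory's blacklist filter.
function RemoveBad(strTemp) {
  return String(strTemp).replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g, "");
}

// Alternative: double each single quote. Assumes a backend where ' is the
// only string delimiter and backslash is not an escape character.
function escapeQuotes(value) {
  return String(value).replace(/'/g, "''");
}

// Split SQL text into its skeleton (literals replaced by ?) and the decoded
// string literals. Inside a literal, '' is an escaped quote.
function scan(sql) {
  const literals = [];
  let skeleton = "", i = 0;
  while (i < sql.length) {
    if (sql[i] !== "'") { skeleton += sql[i++]; continue; }
    let value = "";
    i++; // step over the opening quote
    while (i < sql.length) {
      if (sql[i] === "'" && sql[i + 1] === "'") { value += "'"; i += 2; }
      else if (sql[i] === "'") { i++; break; }
      else { value += sql[i++]; }
    }
    literals.push(value); skeleton += "?";
  }
  return { skeleton, literals };
}

// contained: structure unchanged; preserved: literals equal what was typed.
function check(sanitize, login, password) {
  const expected = scan(buildLoginQuery("a", "b")).skeleton;
  const got = scan(buildLoginQuery(sanitize(login), sanitize(password)));
  return {
    contained: got.skeleton === expected,
    preserved: got.literals[0] === login && got.literals[1] === password,
  };
}

const raw = (v) => String(v);
const PAYLOAD = "' or ''='"; // the input quoted in the advisory
```

The filter contains the advisory's input but also rewrites legitimate values such as `o'brien-smith`. Bound query parameters keep the value out of the SQL text entirely, so neither filter is then needed.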