ASPKnowledgebase vulnerable to SQL-inject

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ASPKnowledgebase vulnerable to SQL-inject
From: preben@xxxxxxxxxxx
Date: 8 Nov 2005 23:03:58 -0000

ASPKnowledgebase found at: 
http://www.asp-programmers.com/download-freeware.asp, does not properly sanitise it's admin logon fields. Therefore an SQL-inject will bypass the entire authentication process, giving you administrative rights. 

PoC of SQL could be 1'or'1'='1 on the admin logon page: /adminlogin.asp

Please credit to: Preben Nyløkken

Prev by Date: [EEYEB-20050901] Windows Metafile SetPalette Entries Heap OVerflow Vulnerability (Graphics Rendering Engine Vulnerability)
Next by Date: ASPKnowledgebase vulnerable to XSS injection.
Previous by thread: [EEYEB-20050901] Windows Metafile SetPalette Entries Heap OVerflow Vulnerability (Graphics Rendering Engine Vulnerability)
Next by thread: ASPKnowledgebase vulnerable to XSS injection.
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux