[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ASPjar guestbook (Injection in login page)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ASPjar guestbook (Injection in login page)
From: farhad koosha <farhadkey@xxxxxxxxx>
Date: 10 Feb 2005 19:05:10 -0000


Go to /admin/login.asp and type in password field:
' or ''='
Also in some version of ASPjar , Attackers can delete messages .
Go to /admin/delete.asp

Prev by Date: Symantec UPX Parsing Engine Heap Overflow
Next by Date: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
Previous by thread: Re: Symantec UPX Parsing Engine Heap Overflow
Next by thread: iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow
Index(es):
- Date
- Thread