[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: a new sql injection for aspjar guestbook

To: arash_pc0@xxxxxxxxx
Subject: Re: a new sql injection for aspjar guestbook
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Tue, 12 Jul 2005 04:12:15 -0400 (EDT)

: hello , my name is: (arash setayeshi) & my yahoo id is : arash_pc0
:  I found a new vulnerability in aspjar guestbook that we can control 
: website & go to admin control panel by (sql injection).
:  sql injection : in login page(guestbook/admin/login.asp) , username 
: should be blank & password is : ' or 'x'='x . by this work we will be in 
: admin control panel so :

This was disclosed to Bugtraq on 2005-02-10 by farhad koosha 
(farhadkey@xxxxxxxxx).

http://archives.neohapsis.com/archives/bugtraq/2005-02/0097.html

References:
- a new sql injection for aspjar guestbook
  - From: arash_pc0

Prev by Date: Cisco Security Advisory: Cisco CallManager Memory Handling Vulnerabilities
Next by Date: Re: Problems with the Oracle Critical Patch Update for April 2005
Previous by thread: a new sql injection for aspjar guestbook
Next by thread: JBoss jBPM 2.0: Remote code execution and classloader covert channel
Index(es):
- Date
- Thread