[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ASPKnowledgebase vulnerable to SQL-inject

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ASPKnowledgebase vulnerable to SQL-inject
From: preben@xxxxxxxxxxx
Date: 8 Nov 2005 23:03:58 -0000

ASPKnowledgebase found at: 
http://www.asp-programmers.com/download-freeware.asp, does not properly 
sanitise it's admin logon fields. Therefore an SQL-inject will bypass the 
entire authentication process, giving you administrative rights. 

PoC of SQL could be 1'or'1'='1 on the admin logon page: /adminlogin.asp

Please credit to: Preben Nyløkken

Prev by Date: New Bug KESM in GoogleTalk
Next by Date: ASPKnowledgebase vulnerable to XSS injection.
Previous by thread: Re: New Bug KESM in GoogleTalk
Next by thread: ASPKnowledgebase vulnerable to XSS injection.
Index(es):
- Date
- Thread