Lucene search
PosidronEDB-ID:23547HistoryJan 16, 2004 - 12:00 a.m.
XtremeASP PhotoGallery 2.0 - 'Adminlogin.asp' SQL Injection
2004-01-1600:00:00
posidron
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/9438/info
XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries.
http://www.example.com/photoalbum/admin/adminlogin.asp
If we type:
Username: 'or'
Password: 'or'
We gain admin access about the password protected
administrative pages.Related
nessus
nessus
XTreme ASP Photo Gallery adminlogin.asp Multiple Parameter SQL Injection
2004-01-16 00:00:00
nvd
nvd
CVE-2004-2746
2004-12-31 05:00:00
cve
cve
CVE-2004-2746
2007-11-08 20:00:00
cvelist
cvelist
CVE-2004-2746
2007-11-08 20:00:00