ID EDB-ID:31070 Type exploitdb Reporter T_L_O_T_D Modified 2008-01-28T00:00:00
Description
ASPired2Protect Login Page SQL Injection Vulnerability. CVE-2008-0487. Webapps exploit for asp platform
source: http://www.securityfocus.com/bid/27474/info
ASPired2Protect is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The following exploit information is available:
Passing:
' or '
will bypass the authentication process.
{"id": "EDB-ID:31070", "hash": "b08dc8a268faf83e5999c2fead90a3e1", "type": "exploitdb", "bulletinFamily": "exploit", "title": "ASPired2Protect Login Page SQL Injection Vulnerability", "description": "ASPired2Protect Login Page SQL Injection Vulnerability. CVE-2008-0487. Webapps exploit for asp platform", "published": "2008-01-28T00:00:00", "modified": "2008-01-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/31070/", "reporter": "T_L_O_T_D", "references": [], "cvelist": ["CVE-2008-0487"], "lastseen": "2016-02-03T13:47:45", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-03T13:47:45"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0487"]}], "modified": "2016-02-03T13:47:45"}, "vulnersScore": 7.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/31070/", "sourceData": "source: http://www.securityfocus.com/bid/27474/info\r\n\r\nASPired2Protect is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data.\r\n\r\nA successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nThe following exploit information is available:\r\n\r\nPassing:\r\n\r\n' or '\r\n\r\nwill bypass the authentication process. ", "osvdbidlist": ["40768"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:25", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.", "modified": "2018-10-15T22:00:00", "id": "CVE-2008-0487", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0487", "published": "2008-01-30T22:00:00", "title": "CVE-2008-0487", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
