XtremeASP PhotoGallery 2.0 Adminlogin.ASP SQL Injection Vulnerability

ID SSV:77307
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                source: http://www.securityfocus.com/bid/9438/info

XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries.


If we type:

Username: 'or'
Password: 'or'

We gain admin access about the password protected
administrative pages.