BugTraq
Back to list
|
Post reply
ASPjar guestbook (Injection in login page)
Feb 10 2005 07:05PM
farhad koosha (farhadkey yahoo com)
Go to /admin/login.asp and type in password field:
' or ''='
Also in some version of ASPjar , Attackers can delete messages .
Go to /admin/delete.asp
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Go to /admin/login.asp and type in password field:
' or ''='
Also in some version of ASPjar , Attackers can delete messages .
Go to /admin/delete.asp
[ reply ]