[VIM] AdMentor SQL injection Exploit (dupe of CVE-2007-0575)

Heinbockel, Bill heinbockel at mitre.org
Wed Feb 28 14:39:36 EST 2007


BUGTRAQ:20070220 AdMentor Script Remote SQL injection Exploit
http://www.securityfocus.com/archive/1/archive/1/460632/100/100/threaded

Cr@zy_King claims that there is a SQL injection in AdMentor
(admin/login.asp) via the kullanici and parola parameters.
After some research, AdMentor does not appear to be distributed in Turkish,
while kullanici and parola are Turkish for username and password.

Not surprisingly, the provided exploit forum looks strangely similar to
the one used here:
http://www.securityfocus.com/archive/1/archive/1/453234/100/0/threaded


Anyway, this appears to be a dupe of CVE-2007-0575 from last month.

=====================================================

Multiple SQL injection vulnerabilities in the administrative login page in
ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands
via the (1) Userid and (2) Password fields.



William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615