[VIM] ASP Survey - confusion and provenance

security curmudgeon jericho at attrition.org
Thu Feb 9 02:51:10 EST 2006


SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows 
remote attackers to execute arbitrary SQL commands via the Password 
parameter. NOTE: the provenance of this information is unknown; the 
details are obtained solely from third party information.

So we have Login_Validate.asp via unknown sources, and login.asp from this 
bugtraq post?

Vendor URL: http://asp.loftin-nc.com/ASPSurvey/

Demo URL: http://asp.loftin-nc.com/ASPSurvey/Demo/Admin/Login.asp


---------- Forwarded message ----------
From: mfoxhacker at gmail.com
To: bugtraq at securityfocus.com
Date: 4 Feb 2006 13:25:55 -0000
Subject: sql injection in ASP Survey

Hi guys
there is a simple sql injection in web app. (ASP Survey) by this vuln. you can go into the admin page

Target Page : login.asp
Vendor : ASP Survey
Exploit : User: admin Password: 'or'

Hacking: 1. search on google.com as :
allinurl:"login.asp" ASPsurvey
and then type the Exploit in correct order...
and Enjoy the admin CP.

More information about the VIM mailing list