[VIM] ASP Survey - confusion and provenance
security curmudgeon
jericho at attrition.org
Thu Feb 9 02:51:10 EST 2006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0192
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows
remote attackers to execute arbitrary SQL commands via the Password
parameter. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.
So we have Login_Validate.asp via unknown sources, and login.asp from this
bugtraq post?
Vendor URL: http://asp.loftin-nc.com/ASPSurvey/
Demo URL: http://asp.loftin-nc.com/ASPSurvey/Demo/Admin/Login.asp
Thoughts?
---------- Forwarded message ----------
From: mfoxhacker at gmail.com
To: bugtraq at securityfocus.com
Date: 4 Feb 2006 13:25:55 -0000
Subject: sql injection in ASP Survey
Hi guys,
There is a simple SQL injection in a web app (ASP Survey). By this vuln. you can go into the admin page.
Target Page : login.asp
Vendor : ASP Survey
Exploit : User: admin Password: 'or'
Hacking: 1. search on google.com as :
allinurl:"login.asp" ASPsurvey
and then type the Exploit in correct order...
and Enjoy the admin CP.