TUCoPS :: Web BBS :: etc :: bt1202.txt

Re-Boot Design ASP Forum SQL injection Vulnerability 




Re-Boot Design ASP Forum SQL injection Vulnerability





Published: 24 September 2003



Released: 24 September 2003



Affected Systems: Re-Boot Design ASP Forum Version 1.01



Vendor: http://www.re-bootd.com



Issue: attackers can access users accounts without them knowing their passwords. 







Description:

============



"This is a complete, standalone forum that can be run on a server using IIS for web services. It has been fully tested on a Windows 2000 Server machine using IIS5. It is complete with user registration, administration, latest posts."





Details:

========

 

It's possibile to access users accounts without them knowing their passwords.

by using this code: 'or''=' as a password it possiblie to access any user account.





Discovered by / credit:

=======================



Bahaa Naamneh

b_naamneh@hotmail.com

http://www.bsecurity.tk

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH