[40622] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

aspReady FAQ - open for SQL-injections

daemon@ATHENA.MIT.EDU (preben@watchcom.no)
Thu Oct 6 13:16:34 2005

Date: 6 Oct 2005 17:13:19 -0000
Message-ID: <20051006171319.3570.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: preben@watchcom.no
To: bugtraq@securityfocus.com

The free, open source project called "aspReady FAQ" is open for SQL-injection. 

This results is admin access with the ability change/delete the entire database.

An example on SQL-inject that works could be:
1'or'1'='1

After doing a google search, I've found out that some companies are actually using this free aspReady FAQ. 

Credits to: Preben Nylokken

The system can be found at:
http://pscode.com/vb/scripts/ShowCode.asp?txtCodeId=9055&lngWId=4

Live sample can be found and tested on:
www.itsikkerhet.com/db/faq

- Preben Nyloekken


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[40622] in bugtraq

aspReady FAQ - open for SQL-injections

daemon@ATHENA.MIT.EDU (preben@watchcom.no)Thu Oct 6 13:16:34 2005

daemon@ATHENA.MIT.EDU (preben@watchcom.no)
Thu Oct 6 13:16:34 2005