source: http://www.securityfocus.com/bid/7416/info bttlxe Forum is a web-based discussion forum implemented in ASP. An SQL injection vulnerability has been reported to affect the 'login.asp' page of bttlxe Forum. The condition is reportedly due to insufficient sanitization of externally supplied data that is used to construct SQL queries. This data may be supplied via the 'password' field during the authentication process. The consequences may vary depending on the particular database implementation and the nature of the specific queries. One scenario reported was bypassing the bttlxe forum authentication system, however other attacks may also be possible. Log into a vulnerable forum using the following password: 'or''=' A username is not required.
Related ExploitsTrying to match CVEs (1): CVE-2003-0215
Trying to match OSVDBs (1): 8444
Other Possible E-DB Search Terms: Battleaxe Software BTTLXE Forum