ASPjar guestbook (Injection in login page)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ASPjar guestbook (Injection in login page)
From: farhad koosha <farhadkey@xxxxxxxxx>
Date: 10 Feb 2005 19:05:10 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Go to /admin/login.asp and type in password field:
' or ''='
Also in some version of ASPjar , Attackers can delete messages .
Go to /admin/delete.asp

Prev by Date: Symantec UPX Parsing Engine Heap Overflow
Next by Date: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
Previous by thread: Re: Symantec UPX Parsing Engine Heap Overflow
Next by thread: iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow
Index(es):
- Date
- Thread