Go to /admin/login.asp and type in password field: ' or ''=' Also in some version of ASPjar , Attackers can delete messages . Go to /admin/delete.asp