[转载]ASPjar Guestbook login.asp SQL Injection
信息来源:[url]www.securiteam.com[/url]Summary
Due to a vulnerability in the way login.asp handles incoming requests, a remote attacker can cause the program to execute arbitrary SQL statements by supplying arbitrary values to the password parameter.
Credit:
The information has been provided by farhad koosha.
Details
Vulnerable Systems:
* ASPjar Guestbook version 1.0
Exploit:
Supply in the password field ' or ''=', this should allow you to bypass the authentication process used by ASPjar Guestbook.
Solution:
The product no longer exists, nor is the company that wrote it.
页:
[1]