ASP Portal Login.ASP Password Parameter SQL Injection Vulnerability
BID:13629
Info
ASP Portal Login.ASP Password Parameter SQL Injection Vulnerability
| Bugtraq ID: | 13629 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 14 2005 12:00AM |
| Updated: | May 14 2005 12:00AM |
| Credit: | Discovered by mehran gashtasebi <[email protected]>. |
| Vulnerable: |
ASP Portal ASP Portal 2.0 BETA |
| Not Vulnerable: | |
Discussion
ASP Portal Login.ASP Password Parameter SQL Injection Vulnerability
ASP Portal is prone to an SQL injection vulnerability in 'login.asp'. Exploitation of the vulnerability results in the successful authentication to the admin account permitting full access to the admin control features and the news management board. An attacker can easily edit, create or delete news articles.
ASP Portal is prone to an SQL injection vulnerability in 'login.asp'. Exploitation of the vulnerability results in the successful authentication to the admin account permitting full access to the admin control features and the news management board. An attacker can easily edit, create or delete news articles.
Exploit / POC
ASP Portal Login.ASP Password Parameter SQL Injection Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
ASP Portal Login.ASP Password Parameter SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
ASP Portal Login.ASP Password Parameter SQL Injection Vulnerability
References:
References:
- ASP Portal Homepage (ASP Portal)