


Category:   Application (Forum/Board/Portal)  >   ASP Virtual News Manager
Vendors:   Virtual Edge
ASP Virtual News Manager Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1013933
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 11 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  

Description:   Last Samurai reported a vulnerability in ASP Virtual News Manager. A remote user can inject SQL commands.

The 'aspvirtualnews/admin_login.asp' script does not properly validate user-supplied input in the 'password' parameter. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.

A demonstration exploit value is provided:

password= ' or ''='

The original advisory is available at:

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Cause:   Input validation error
Underlying OS:  Windows (Any)
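
The following is an added example, not code from the advisory or from the vendor. It shows why the demonstration value changes the meaning of a string-concatenated login query and how a parameterized query treats the same value as data. The table layout, the query text, the function names and the stored credential are assumptions constructed for illustration, and SQLite stands in for whatever database the ASP script uses.

```python
import sqlite3

DEMO_VALUE = "' or ''='"  # the demonstration value quoted in the advisory


def make_db():
    # Constructed stand-in for the admin table; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-constructed')")
    return db


def build_concatenated_sql(username, password):
    # Assumed shape of the vulnerable query: input is pasted into the SQL text.
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    # A quote in the input closes the string literal; the rest is parsed as SQL.
    # AND binds tighter than OR, so the trailing ''='' makes every row match.
    return db.execute(build_concatenated_sql(username, password)).fetchone()[0] > 0


def login_parameterized(db, username, password):
    # Placeholders send the input as bound values; it is never parsed as SQL.
    row = db.execute(
        "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_sql("admin", DEMO_VALUE))
    print("concatenated query accepts:", login_vulnerable(db, "admin", DEMO_VALUE))
    print("parameterized query accepts:", login_parameterized(db, "admin", DEMO_VALUE))
```

In classic ASP the equivalent of the parameterized form is an ADODB.Command object with bound parameters instead of a query string assembled from Request values.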

Message History:   None.

 Source Message Contents

Subject:  ASP Virtual News Manager

                                  <<<<Security Advisory>>>>

Advisory Information
Software Package   : ASP Virtual News Manager
Vendor Homepage  : &
Platforms               : Windows based servers
Vulnerability           : SQL Injection
Risk                       : High!
Vulnerable Versions: All versions

ASP Virtual News Manager is a Web-based ASP news management system.
By using it you can add articles, press releases, website announcements
or any other news-related information to your website. Secure,
browser-based admin area with WYSIWYG editor.

password= ' or ''='

this is the login file

By using this user and password you will be taken to the admin control
panel and the news management board.
You can easily edit news, create new articles and post them.

Home page

contact me at

thanks to udnst and all under9round digital security members

Discovered by last samurai

