SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   ASPThai
Vendors:   ASPThai.Net
ASPThai Input Validation Hole in 'login.asp' Permits SQL Injection Attacks
SecurityTracker Alert ID:  1015548
SecurityTracker URL:  http://securitytracker.com/id/1015548
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 27 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 8.0 and prior
Description:   A vulnerability was reported in ASPThai. A remote user can inject SQL commands.

The 'login.asp' script does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to gain administrative access to the target application.

Some demonstration exploit values are provided:

username: admin

password: ' or '

Emperor Hacking Team reported this vulnerability.

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   Version 8.5 and later are not affected.
Vendor URL:  www.aspthai.net/
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.
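
The failure mode described in the advisory above, as an added example (not ASPThai's code, which the advisory does not show): input concatenated into the login statement changes the statement's code, while a parameterized query keeps the same input as data. The table, column and function names and the sample row are assumptions, and Python with SQLite stands in for the ASP application and its database.

```python
import re
import sqlite3

# A single-quoted SQL string literal; '' inside it is an escaped quote.
_LITERAL = re.compile(r"'(?:[^']|'')*'")

def make_db():
    # Constructed sample data; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, password TEXT)")
    conn.execute("INSERT INTO members VALUES ('admin', 'sample-pass')")
    return conn

def concat_sql(username, password):
    # The flawed pattern: request values pasted into the statement text.
    return ("SELECT COUNT(*) FROM members WHERE username='" + username
            + "' AND password='" + password + "'")

def skeleton(sql):
    # Swap each string literal for ? so only the statement's code remains.
    return _LITERAL.sub("?", sql)

def alters_structure(username, password):
    # True when input changes the SQL code rather than just a literal value.
    baseline = skeleton(concat_sql("x", "x"))
    return skeleton(concat_sql(username, password)) != baseline

def login_param(conn, username, password):
    # Hardened form: placeholders bind input as data, never as SQL syntax.
    # (Plaintext comparison keeps the sketch short; real code stores hashes.)
    row = conn.execute(
        "SELECT COUNT(*) FROM members WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] == 1

if __name__ == "__main__":
    conn = make_db()
    demo = "' or '"  # demonstration value quoted in the advisory
    print(skeleton(concat_sql("admin", demo)))
    print(alters_structure("admin", demo))
    print(alters_structure("admin", "sample-pass"))
    print(login_param(conn, "admin", demo))
    print(login_param(conn, "admin", "sample-pass"))
```

Whether the altered statement actually authenticates depends on the database engine and on the application's real query, neither of which the advisory shows; the parameterized form removes that dependence.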


 Source Message Contents

Subject:  hello


ASPThai Forums Version 8.0 & Lower SQL Injection Vulnerability
ASPThai is a product of www.ASPThai.net and made in Thailand
author : code.shell , <code.shell@yahoo.com>

########################################################
Target:

 http://www.example.com/[Forum target]/login.asp

 username: admin

 password: ' or '

########################################################

ASPThai Forums ver 8.5 & Uppers Not vulnerable!


----------------------------------------------------
Web Site: Www.imanOnline.com
E-Mail:info@imanOnline.com
----------------------------------------------------
 Emperor Hacking Team

 We Are: iM4n - shell.code - Sun.solaris - R$P
----------------------------------------------------

 
 

