- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 22529
- Проверка EDB
-
- Пройдено
- Автор
- DU|L
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2003-0215
- Дата публикации
- 2003-04-23
Код:
source: https://www.securityfocus.com/bid/7416/info
bttlxe Forum is a web-based discussion forum implemented in ASP.
An SQL injection vulnerability has been reported to affect the 'login.asp' page of bttlxe Forum.
The condition is reportedly due to insufficient sanitization of externally supplied data that is used to construct SQL queries. This data may be supplied via the 'password' field during the authentication process. The consequences may vary depending on the particular database implementation and the nature of the specific queries. One scenario reported was bypassing the bttlxe forum authentication system, however other attacks may also be possible.
Log into a vulnerable forum using the following password:
'or''='
A username is not required.- Источник
- www.exploit-db.com
