13 lines
No EOL
579 B
Text
13 lines
No EOL
579 B
Text
source: http://www.securityfocus.com/bid/9438/info
|
|
|
|
XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries.
|
|
|
|
http://www.example.com/photoalbum/admin/adminlogin.asp
|
|
|
|
If we type:
|
|
|
|
Username: 'or'
|
|
Password: 'or'
|
|
|
|
We gain admin access about the password protected
|
|
administrative pages. |