10 lines
No EOL
682 B
Text
10 lines
No EOL
682 B
Text
source: http://www.securityfocus.com/bid/4661/info
|
|
|
|
Spooky Login is a commerical web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers.
|
|
|
|
Under some circumstances, it may be possible for a remote user to gain unauthorized access to pages protected by Spooky Login. The problem is a SQL query manipulation vulnerability in the authentication component.
|
|
|
|
It is possible for remote attackers to corrupt the logic of queries such that a successful login will occur regardless of the supplied password.
|
|
|
|
User: admin (this selects the first index from the table)
|
|
Password: ' OR ''=' |