vendor:
BPDirectory
by:
v3n0m
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: BPDirectory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
BPDirectory Authentication Bypass Vulnerability
An authentication bypass vulnerability exists in BPDirectory - Business Directory ASP.NET Script. An attacker can exploit this vulnerability by accessing the AdminLogin.aspx page and logging in with the username 'admin' and the password '1'or'1'='1' to gain access to the application.
Mitigation:
Ensure that authentication credentials are properly validated and that user input is properly sanitized.
