header-logo
Suggest Exploit
vendor:
bttlxe Forum
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: bttlxe Forum
Affected Version From: bttlxe Forum
Affected Version To: bttlxe Forum
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

bttlxe Forum SQL Injection Vulnerability

An SQL injection vulnerability has been reported to affect the 'login.asp' page of bttlxe Forum. The condition is reportedly due to insufficient sanitization of externally supplied data that is used to construct SQL queries. This data may be supplied via the 'password' field during the authentication process. The consequences may vary depending on the particular database implementation and the nature of the specific queries. One scenario reported was bypassing the bttlxe forum authentication system, however other attacks may also be possible. Log into a vulnerable forum using the following password: 'or''='. A username is not required.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used to construct SQL queries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7416/info

bttlxe Forum is a web-based discussion forum implemented in ASP.

An SQL injection vulnerability has been reported to affect the 'login.asp' page of bttlxe Forum.

The condition is reportedly due to insufficient sanitization of externally supplied data that is used to construct SQL queries. This data may be supplied via the 'password' field during the authentication process. The consequences may vary depending on the particular database implementation and the nature of the specific queries. One scenario reported was bypassing the bttlxe forum authentication system, however other attacks may also be possible.

Log into a vulnerable forum using the following password:
'or''='

A username is not required.

Navigation

Suggest Exploit

Services By CQR