('binary' encoding is not supported, stored as-is) SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.74 hits, 5 required) SPAM: Hit! (1.94 points) From: ends in numbers SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/ SPAM: Hit! (0.8 points) Forged hotmail.com 'Received:' header found SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- Regarding : AdMentor v2.11 and earlier Homepage: http://www.aspcode.net AdMentor allows any user to login as admin. The base path of the login is usually : http://www.someserver.com/admentor/admin/admin.a sp By using Login : ' or ''=' , and Password : ' or ''=' We create a legal query because it will get appended as :SELECT row FROM table WHERE login = '' or ''='' Same goes for the password. This allows us to login without any trouble as the main admin. Vendor has been warned of the bug, but has not released a patch yet. Temporary solution, filter out the bad chars ' " ~ \ / by using the following piece of javascript : function RemoveBad(strTemp) { strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+| \-/g,""); return strTemp; } And calling it from within the asp script : var login = var TempStr = RemoveBad (Request.QueryString("login")); var password = var TempStr = RemoveBad (Request.QueryString("password")); Iam not sure about the correct vars set in the form, you might want to tweak it just a bit. Havent drunk my coffee yet :) Credits: Bug found by thran, thran60at_private
This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 08:35:46 PST