Dragon Internet Events Listing 2.0.01 - 'admin_login.asp' Multiple Field SQL Injections
| EKU-ID: 34247 | CVE: CVE-2006-6066;OSVDB-30443 | OSVDB-ID: |
| Author: Benjamin Moss | Published: 2006-11-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34247 | CVE: CVE-2006-6066;OSVDB-30443 | OSVDB-ID: |
| Author: Benjamin Moss | Published: 2006-11-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database implementation, and gain unauthorized access to the affected application. username: 'or''=' passwd: 'or''='