CVE-2003-0215
bttlxeforum < 2.0_beta_3 - SQL Injection via Username and Password Fields
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-0215. PoCs published by Du|L.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in bttlxe Forum's login.asp page, allowing authentication bypass by injecting a malformed password string. The payload 'or''=' manipulates the SQL query to bypass authentication without requiring a valid username.
Description
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in bttlxe Forum's login.asp page, allowing authentication bypass by injecting a malformed password string. The payload 'or''=' manipulates the SQL query to bypass authentication without requiring a valid username.