CVE-2006-1541

EzASPSite <2.0 RC3 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · perlwebappsasp

https://www.exploit-db.com/exploits/1623

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25544

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1623

[Third Party Advisory] http://secunia.com/advisories/19441

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1164

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17309

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24256

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/429487/100/0/threaded

[Mailing List] http://marc.info/?l=full-disclosure&m=114367573519326&w=2

[Exploit] http://www.nukedx.com/?viewdoc=22

Scores

EPSS 0.0148

EPSS Percentile 81.1%

Details

Status published

Products (1)

ezaspsite/ezaspsite < 2.0_rc3

Published Mar 30, 2006

Tracked Since Feb 18, 2026