CVE-2008-0487

ASPired2Protect - SQL Injection via Username and Password Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0487. PoCs published by T_L_O_T_D.

AI-analyzed exploit summary The exploit describes an SQL injection vulnerability in ASPired2Protect that allows authentication bypass by injecting a simple SQL payload. No actual code is provided, only a description of the vulnerability and a basic payload example.

Description

Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by T_L_O_T_D · textwebappsasp

https://www.exploit-db.com/exploits/31070

View Code ZIP pw:eip

The exploit describes an SQL injection vulnerability in ASPired2Protect that allows authentication bypass by injecting a simple SQL payload. No actual code is provided, only a description of the vulnerability and a basic payload example.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ASPired2Protect

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK