CVE-2010-4186
OnlineTechTools OWOS Professional Edition 2.10 - SQL Injection via Password Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2010-4186. PoCs published by VSN, L0rd CrusAd3r.
AI-analyzed exploit summary: The provided text describes an SQL injection vulnerability in Online Work Order Suite 2.10, with an example payload (' or 1=1 or ''='') but lacks executable exploit code. It references a security advisory without a functional PoC.
Description
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
Exploits (2)
The provided text describes an SQL injection vulnerability in Online Work Order Suite 2.10, with an example payload (' or 1=1 or ''='') but lacks executable exploit code. It references a security advisory without a functional PoC.
This is a writeup describing an authentication bypass vulnerability in Onlinetechtools OWOS: Professional Edition. The vulnerability can be exploited using the SQL injection pattern ' or 1=1 or ''='' to bypass authentication.