Vulnerabilities > CVE-2006-1541 - SQL Injection vulnerability in EzASPSite Default.ASP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
id | EDB-ID:1623 |
References
- http://marc.info/?l=full-disclosure&m=114367573519326&w=2
- http://secunia.com/advisories/19441
- http://www.nukedx.com/?viewdoc=22
- http://www.osvdb.org/24256
- http://www.securityfocus.com/archive/1/429487/100/0/threaded
- http://www.securityfocus.com/bid/17309
- http://www.vupen.com/english/advisories/2006/1164
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25544
- https://www.exploit-db.com/exploits/1623