CVE-2006-1541 Information

Description

SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.

Reference

http://marc.info/?l=full-disclosure&m=114367573519326&w=2 http://secunia.com/advisories/19441 http://www.nukedx.com/?viewdoc=22 http://www.osvdb.org/24256 http://www.securityfocus.com/archive/1/429487/100/0/threaded http://www.securityfocus.com/bid/17309 http://www.vupen.com/english/advisories/2006/1164 https://exchange.xforce.ibmcloud.com/vulnerabilities/25544 https://www.exploit-db.com/exploits/1623