[VIM] AdMentor SQL injection Exploit (dupe of CVE-2007-0575)

Heinbockel, Bill heinbockel at mitre.org
Wed Feb 28 14:39:36 EST 2007

BUGTRAQ:20070220 AdMentor Script Remote SQL injection Exploit

Cr@zy_King claims that there is a SQL injection in AdMentor
(admin/login.asp) via the kullanici and parola parameters.
After some research, AdMentor does not appear to be distributed in
while kullanici and parola are Turkish for username and password.

Not surprisingly, the provided exploit forum looks strangely similar to
the one used here:

Anyway, this appears to be a dupe of CVE-2007-0575 from last month.


Multiple SQL injection vulnerabilities in the administrative login page
ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL
via the (1) Userid and (2) Password fields.

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
