[原文]SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
Password Protect is reported prone to a multiple cross-site scripting and SQL injection vulnerabilities. These issues occur due to insufficient sanitization of user-supplied input. Successful exploitation of these issues may result in arbitrary HTML and script code execution and/or compromise of the underlying database.
It is reported that these issues could be exploited to gain unauthorized administrative access to the application.
All versions of Password Protect are considered vulnerable to these issues.
/adminSection/index_next.asp?admin = (SQLInjection) Pass = (SQLInjection)
/adminSection/ChangePassword.asp?LoginId=(SQLInjection) OPass=(SQLInjection) NPass=(SQLInjection) CPass=(SQLInjection)
Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the variables "LoginId", "OPass",
"NPass" and "CPass" in the "ChangePassword.asp" module are not verified properly and will allow an attacker to inject or manipulate SQL queries.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.