Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
Autentificator <=2.01 SQL Injection Vulnerability
Sep 02 2006 12:32AM
sirdarckcat gmail com
Discovered by Sirdarckcat from elhacker.net
------------------------------------------------------------------------
------------
Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html
------------------------------------------------------------------------
------------
Autentificator is a simple PHP based program for
helping administrators to controll access to certain
pages.
It suffers of a SQL Injection vulnerability.
------------------------------------------------------------------------
------------
PoC:
http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something
------------------------------------------------------------------------
------------
Att.
Sirdarckcat
elhacker.net
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
------------------------------------------------------------------------
------------
Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html
------------------------------------------------------------------------
------------
Autentificator is a simple PHP based program for
helping administrators to controll access to certain
pages.
It suffers of a SQL Injection vulnerability.
------------------------------------------------------------------------
------------
PoC:
http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something
------------------------------------------------------------------------
------------
Att.
Sirdarckcat
elhacker.net
[ reply ]