PHPNews Auth.PHP SQL Injection Vulnerability

An example of exploitation is as follows (note that magic_quotes_gpc must be set to 0 for this to succeed):

Navigate to the user logon form.

Enter the following string into the Username field:

anything' or '1'='1'/*

followed by any characters in the Password field.
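The following is an added example, not PHPNews code and not part of the original advisory: it shows why a login query built by string concatenation accepts the input above, next to a parameterized form that does not. The table, column and function names are hypothetical, and it assumes PHP with the PDO SQLite driver so it runs against an in-memory database.

```php
<?php
// Added illustration. Schema and function names are hypothetical, not taken
// from PHPNews. Sample account and password are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username   TEXT PRIMARY KEY,
    legacy_md5 TEXT NOT NULL,  -- only read by the vulnerable pattern
    pw_hash    TEXT NOT NULL   -- only read by the hardened pattern
)');
$sample = 'constructed-sample-pw';
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', md5($sample), password_hash($sample, PASSWORD_DEFAULT)]);

// Vulnerable pattern: request values are pasted into the SQL text, so a
// quote in $user ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT username FROM users WHERE username = '$user'"
         . " AND legacy_md5 = '" . md5($pass) . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is bound as a parameter, so it is only
// ever compared as data, and the password is verified in PHP, not in SQL.
// This does not depend on magic_quotes_gpc, which was removed in PHP 5.4.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

$input = "anything' or '1'='1'/*";  // the Username string quoted above

// Concatenated query: the OR clause matches every row and the comment
// marker discards the password comparison, so the login is accepted.
var_dump(login_concat($db, $input, 'x'));

// Parameterized query: no user has that literal name, so it is rejected.
var_dump(login_prepared($db, $input, 'x'));

// A legitimate login still works with the hardened function.
var_dump(login_prepared($db, 'admin', $sample));
```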


 

Copyright 2010, SecurityFocus