SZUserMgnt Username Parameter SQL Injection Vulnerability

An exploit is not required.

The following proof of concept is available:

http://www.example.com/szusermgnt/www/login.php
Username: ' or 1/*
Password: any


 

Privacy Statement
Copyright 2010, SecurityFocus