• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Land Down Under Auth.PHP SQL Injection Vulnerability

Land Down Under is prone to SQL injection attacks. This is due to an input validation error in the 'auth.php' script, which will permit remote attackers to influence database queries. This could be used to bypass authentication or mount other attacks against the software or the underlying database.

** A proof-of-concept was included in the initial vulnerability report that does not appear to work due to the software forcing authentication afterwards. However, this does not eliminate the risk of this issue since it is still possible for a remote attacker to influence SQL queries on vulnerable versions.