BugTraq
Autentificator <=2.01 SQL Injection Vulnerability Sep 02 2006 12:32AM
sirdarckcat gmail com
Discovered by Sirdarckcat from elhacker.net

------------------------------------------------------------------------
------------

Autentificator v2.01 SQL Injection

http://www.hotscripts.com/Detailed/15291.html

------------------------------------------------------------------------
------------

Autentificator is a simple PHP based program for

helping administrators to controll access to certain

pages.

It suffers of a SQL Injection vulnerability.

------------------------------------------------------------------------
------------

PoC:

http://autentificator/aut_verifica.inc.php

POST DATA:

user='+[SQL]&pass=something

------------------------------------------------------------------------
------------

Att.

Sirdarckcat

elhacker.net

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus