• info
• discussion
• exploit
• solution
• references

SZUserMgnt Username Parameter SQL Injection Vulnerability

An exploit is not required.

The following proof of concept is available:

http://www.example.com/szusermgnt/www/login.php
Username: ' or 1/*
Password: any