[Full-disclosure] Autentificator v2.01 SQL Injection Vulnerabilty
SirDarckCat
sirdarckcat at gmail.com
Sat Sep 2 01:43:31 BST 2006
Discovered by Sirdarckcat from elhacker.net
------------------------------------------------------------------------------------
Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html
------------------------------------------------------------------------------------
Autentificator is a simple PHP based program for
helping administrators to controll access to certain
pages.
It suffers of a SQL Injection vulnerability.
------------------------------------------------------------------------------------
PoC:
http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something
------------------------------------------------------------------------------------
Att.
Sirdarckcat
elhacker.net
--
Att.
SirDarckCat at GMail.com
http://www.google.com/search?q=sirdarckcat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060901/80cdcc07/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.