Autentificator <=2.01 SQL Injection Vulnerability

sirdarckcat Sat, 02 Sep 2006 09:29:14 -0700

Discovered by Sirdarckcat from elhacker.net

------------------------------------------------------------------------------------



Autentificator v2.01 SQL Injection

http://www.hotscripts.com/Detailed/15291.html


------------------------------------------------------------------------------------


Autentificator is a simple PHP based program for

helping administrators to controll access to certain

pages.


It suffers of a SQL Injection vulnerability.


------------------------------------------------------------------------------------


PoC:


http://autentificator/aut_verifica.inc.php

POST DATA:

user='+[SQL]&pass=something


------------------------------------------------------------------------------------


Att.

Sirdarckcat

elhacker.net

Autentificator <=2.01 SQL Injection Vulnerability

Reply via email to