Computer Security
[EN] securityvulns.ru

From:Eduardo Vela <sirdarckcat_(at)_gmail.com>
Date:02.09.2006
Subject:[Full-disclosure] Autentificator v2.01 SQL Injection Vulnerability

Discovered by Sirdarckcat from elhacker.net
------------------------------------------------------------------------------------

Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html

------------------------------------------------------------------------------------

Autentificator is a simple PHP based program for
helping administrators to control access to certain
pages.

It suffers from a SQL Injection vulnerability.

------------------------------------------------------------------------------------

PoC:

http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something

------------------------------------------------------------------------------------

Att.
Sirdarckcat
elhacker.net

--
Att.
SirDarckCat@GMail.com

http://www.google.com/search?q=sirdarckcat
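
The advisory does not show the code in aut_verifica.inc.php, so the following is an added example, not Autentificator's source and not part of the original post: a login check on the `user` and `pass` fields built by string concatenation, beside the same check with a bound parameter. The `users` table, its columns and both function names are assumptions, and PDO with an in-memory SQLite database is used so the script runs offline.

```php
<?php
// Added illustration, not Autentificator's code. The table "users" and its
// columns are assumptions; the field names user/pass come from the advisory.

// Constructed in-memory database standing in for the application's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Unsafe pattern: the posted value becomes part of the SQL text, so a quote
// in it ends the string literal and the rest is parsed as SQL.
function check_login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT pass_hash FROM users WHERE name = '" . $user . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pass_hash']);
}

// Hardened pattern: the statement text is fixed and the value is bound,
// so the driver never interprets the posted value as SQL.
function check_login_bound(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pass_hash']);
}

// Constructed inputs: a valid login, and a name holding a single quote.
$cases = [['alice', 'correct horse'], ["o'neil", 'something']];
foreach ($cases as [$user, $pass]) {
    try {
        $concat = check_login_concat($db, $user, $pass) ? 'accepted' : 'rejected';
    } catch (PDOException $e) {
        // The quote changed the statement's structure; the parser rejects it.
        $concat = 'SQL error';
    }
    $bound = check_login_bound($db, $user, $pass) ? 'accepted' : 'rejected';
    printf("%-8s concat=%-9s bound=%s\n", $user, $concat, $bound);
}
```

A database error on a name containing a quote is the signal that input is reaching the SQL parser; the bound version returns a plain rejection for the same input.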
