Computer Security


ProFTPd SQL injection
Published: 12.02.2009
Source:
SecurityVulns ID: 9673
Type: remote
Threat Level: 7/10
Description: SQL injections in database modules.
Affected: PROFTPD : ProFTPD 1.3
CVE: CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.)
 CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.)
Original document: gat3way_(at)_gat3way.eu, Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) (12.02.2009)
 Sergio Aguayo, Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) (12.02.2009)
 Shino, Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) (12.02.2009)
 gat3way_(at)_gat3way.eu, Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) (12.02.2009)
Files: ProFTPd with mod_mysql Authentication Bypass Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod