Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14123
HistorySep 02, 2006 - 12:00 a.m.

[Full-disclosure] Autentificator v2.01 SQL Injection Vulnerabilty

2006-09-0200:00:00
vulners.com
24

Discovered by Sirdarckcat from elhacker.net

Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html


Autentificator is a simple PHP based program for
helping administrators to controll access to certain
pages.

It suffers of a SQL Injection vulnerability.


PoC:

http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something


Att.
Sirdarckcat
elhacker.net


Att.
[email protected]

http://www.google.com/search?q=sirdarckcat