CableTEL Triple Play 1.0 SQL Injection

CableTEL's Triple Play v1.0 login.php Remote Login Bypass SQL Injection Exploit 21.12.2009 by Gjoko 'LiquidWorm' Krstic Zero Science Lab http://www.zeroscience.mk Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4925.php PoC: https://clients.site/clients/index.php user and pass: '+...

CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln

Summary Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status. Description Triple Play suffers from a security bypass vulnerability login.php with sql injection attack. The login page can be accessed only by CableTEL's users. The script fails to...