[Full-disclosure] Autentificator v2.01 SQL Injection Vulnerability

2006-09-02T00:00:00
ID SECURITYVULNS:DOC:14123
Type securityvulns
Reporter Securityvulns
Modified 2006-09-02T00:00:00

Description

Discovered by Sirdarckcat from elhacker.net

Autentificator v2.01 SQL Injection http://www.hotscripts.com/Detailed/15291.html


Autentificator is a simple PHP-based program that helps administrators control access to certain pages.

It suffers from a SQL injection vulnerability: as the PoC below shows, the user POST field sent to aut_verifica.inc.php is injectable.


PoC:

URL: http://autentificator/aut_verifica.inc.php
POST data: user='+[SQL]&pass=something


Att. Sirdarckcat elhacker.net

-- Att. SirDarckCat@GMail.com

http://www.google.com/search?q=sirdarckcat
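
The usual fix for an injectable login field like the user parameter above is to bind it as a query parameter and check the password against a stored hash. The sketch below is an added example, not Autentificator's code and not part of the original advisory; the users table, its columns, the verify_login() and open_demo_db() helpers and the sample inputs are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example: hypothetical login check, not Autentificator's own code.
// Table name, column names and helper names are assumptions.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // In-memory SQLite stands in for the application's database (constructed data).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function verify_login(PDO $db, $user, $pass): bool
{
    // Reject non-string input (e.g. user[]=x) and oversized names before querying.
    if (!is_string($user) || !is_string($pass) || $user === '' || strlen($user) > 64) {
        return false;
    }
    // The value is bound as a parameter, so a quote in it never becomes SQL syntax.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    // The password is compared against the stored hash, never placed in the query.
    return is_string($hash) && password_verify($pass, $hash);
}

$db = open_demo_db();
// Constructed inputs: valid login, wrong password, a quote-prefixed user value
// shaped like the advisory's PoC, and an array where a string is expected.
$cases = [
    ['admin', 'correct horse'],
    ['admin', 'something'],
    ["'+placeholder", 'something'],
    [['x'], 'something'],
];
foreach ($cases as [$u, $p]) {
    $result = verify_login($db, $u, $p) ? 'accepted' : 'rejected';
    printf("%-18s => %s\n", json_encode($u), $result);
}
```

Only the first case is accepted; the quote-prefixed value is looked up as a literal username and matches no row.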