[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    HotPlugCMS_1.0 - SQL Injection Vulnerability
From:       guest01 () gmail ! com
Date:       2006-06-15 11:31:59
Message-ID: 20060615113159.15206.qmail () securityfocus ! com
[Download RAW message or body]

HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic