List: bugtraq
Subject: HotPlugCMS_1.0 - SQL Injection Vulnerability
From: guest01 () gmail ! com
Date: 2006-06-15 11:31:59
Message-ID: 20060615113159.15206.qmail () securityfocus ! com
HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.
Typical, very simple SQL Injection.
peda
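
The bypass described in the post, shown next to the parameterized form that stops it. This is an added example, not part of the original message and not HotPlugCMS code: the `users` table, its columns and the function names are hypothetical, and SQLite stands in for the CMS's database (like MySQL, it treats an unterminated `/*` as a comment running to the end of the statement).

```python
import sqlite3

PAYLOAD = "' OR 1=1 /*"  # the string quoted in the post


def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT)")
    # 'pw' stands in for whatever credential column the real schema compares.
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "s3cret-constructed"))
    return conn


def login_concatenated(conn, name, password):
    """Assumed vulnerable shape: field values are pasted into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND pw = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, name, password):
    """Same check with bound parameters: input can only ever be a value."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND pw = ?", (name, password)
    ).fetchone()
    return row[0] if row else None


def compare(name, password):
    """Return (concatenated_result, parameterized_result) for one attempt."""
    conn = make_db()
    try:
        return (login_concatenated(conn, name, password),
                login_parameterized(conn, name, password))
    finally:
        conn.close()


if __name__ == "__main__":
    for attempt in [("admin", "s3cret-constructed"), ("admin", "wrong"), (PAYLOAD, "x")]:
        print(attempt, "->", compare(*attempt))
```

In the concatenated query the quote in the input closes the string literal, `OR 1=1` makes the `WHERE` clause true for every row, and `/*` comments out the password comparison; with bound parameters the same input is compared as a literal user name and matches nothing.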