HotPlugCMS_1.0 - SQL Injection Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: HotPlugCMS_1.0 - SQL Injection Vulnerability
From: guest01@xxxxxxxxx
Date: 15 Jun 2006 11:31:59 -0000

HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda

Prev by Date: Advisory: Unauthorized password recovery in phpBannerExchange
Next by Date: Andys Chat 4.5 (action) Remote File Inclusion
Previous by thread: Advisory: Unauthorized password recovery in phpBannerExchange
Next by thread: Andys Chat 4.5 (action) Remote File Inclusion
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux