banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thông tin new bugs và exploits HotPlugCMS_1.0 - SQL Injection  XML
  [Question]   HotPlugCMS_1.0 - SQL Injection 16/06/2006 15:17:32 (+0700) | #1 | 390
[Avatar]
LeonHart
HVA Friend

Joined: 10/01/2003 11:11:52
Messages: 215
Location: Secret
Offline
[Profile] [PM]
HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|