Authentificator version 2.01 suffers from a SQL injection vulnerability.
e526ad4c8b11fe1cd5653bd4cb1f5f07138a84fd0a6d2efdddb07fe2eef1a25c
Discovered by Sirdarckcat from elhacker.net
------------------------------------------------------------------------------------
Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html
------------------------------------------------------------------------------------
Autentificator is a simple PHP based program for
helping administrators to controll access to certain
pages.
It suffers of a SQL Injection vulnerability.
------------------------------------------------------------------------------------
PoC:
http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something
------------------------------------------------------------------------------------
Att.
Sirdarckcat
elhacker.net