Bugtraq mailing list archives

HotPlugCMS_1.0 - SQL Injection Vulnerability


From: guest01 () gmail com
Date: 15 Jun 2006 11:31:59 -0000

HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda
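
The bypass reported above, shown next to a parameterized fix, as an added example that is not HotPlugCMS code and not part of the original post. The SQLite `users` table, the function names and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

PAYLOAD = "' OR 1=1 /*"        # the input quoted in the advisory
SALT = b"constructed-salt"     # constructed sample value


def pw_hash(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def make_db() -> sqlite3.Connection:
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", SALT, pw_hash("s3cret-sample", SALT)))
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Input is pasted into the SQL text: a quote in `username` closes the
    # string literal, OR 1=1 makes the WHERE clause true for every row, and
    # /* comments out the password comparison that follows.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw = '" + pw_hash(password, SALT) + "'")
    return db.execute(sql).fetchone() is not None


def login_hardened(db: sqlite3.Connection, username: str, password: str) -> bool:
    # The placeholder binds the input as a value, never as SQL text; the
    # password check happens in code with a constant-time comparison.
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, pw_hash(password, salt))


if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, "payload accepted:", fn(db, PAYLOAD, "x"),
              "| valid login:", fn(db, "admin", "s3cret-sample"))
```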

