<<< Date Index >>>     <<< Thread Index >>>

HotPlugCMS_1.0 - SQL Injection Vulnerability



HotPlugCMS doesn't check input field values, so logging in on 
/hotplugcms/administration/tblcontent
is very easy with
' OR 1=1 /*
and a SQL-inject will bypass the entire authentication process.

Typical, very simple SQL Injection.

peda