Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b06-3043.htm

HotPlugCMS_1.0 - SQL Injection Vulnerability



HotPlugCMS_1.0 - SQL Injection Vulnerability
HotPlugCMS_1.0 - SQL Injection Vulnerability



HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent=0D
is very easy with=0D
' OR 1=1 /*=0D
and a SQL-inject will bypass the entire authentication process.=0D
=0D
Typical, very simple SQL Injection.=0D
=0D
peda


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH