Description - adminname Authentication Bypass in ScozBook

SQL Injection found in ScozBook script.

Exploit: Available
Solution: Not available - check ScozNet website

Vulnerable scripts: auth.php

Variable $adminname isn't properly sanitized before being used in a SQL query.

The script /auth.php in the main directory registers a session with the $adminname and $adminpass variables, which are then used by the scripts in the /admin/ directory.

Condition: magic_quotes_gpc = off
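
A hardened form of the login check described above, as an added example (not ScozBook's code). The `admins` table, its columns, the `check_admin` function and the sample credentials are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the admin table (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (adminname TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admins (adminname, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

/**
 * Returns true only when the name/password pair matches a stored admin.
 * The name is bound as a parameter, so quote characters in it are data,
 * not SQL, whatever magic_quotes_gpc is set to.
 */
function check_admin(PDO $db, $adminname, $adminpass): bool
{
    // Reject arrays and other non-string request values before they reach the query.
    if (!is_string($adminname) || !is_string($adminpass)) {
        return false;
    }
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE adminname = :name');
    $stmt->execute([':name' => $adminname]);
    $hash = $stmt->fetchColumn();
    // No row means no login; otherwise compare against the stored hash.
    return is_string($hash) && password_verify($adminpass, $hash);
}

// Assumed shape of the flaw the advisory describes, kept as a comment for contrast:
//   "SELECT pass_hash FROM admins WHERE adminname = '$adminname'"  // value spliced into SQL

// Constructed inputs: a valid pair, a wrong password, a name containing a quote character.
$cases = [
    ['admin', 'constructed-sample-password'],
    ['admin', 'wrong'],
    ["ad'min", 'constructed-sample-password'],
];
foreach ($cases as [$name, $pass]) {
    $ok = check_admin($db, $name, $pass);
    if ($ok) {
        // Keep only the verified identity in the session, never the password:
        // session_regenerate_id(true); $_SESSION['adminname'] = $name;
    }
    printf("%-10s %s\n", var_export($name, true), $ok ? 'accepted' : 'rejected');
}
```

Scripts under /admin/ would then trust only the session value set after a successful `check_admin` call, rather than re-reading `$adminname` and `$adminpass` from the request.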
