Published: 07/08/2003 Updated: 05/09/2008

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD prior to 1.2.9rc1 allows remote malicious users to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
proftpd project proftpd 1.2.9_rc1

runlevel [runlevel@raregazzorg] reported that ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack This vulnerability could be exploited by a remote, unauthenticated attacker to execute arbitrary SQL statements, potentially exposing the passwords of other users, or to connect to ProFTPD as an arbitrary user without s ...

#!/usr/bin/perl # ProFTPD 129 rc1 mod_sql SQL Injection remote Exploit # Spaine - 2003 use IO::Socket; if(@ARGC<2){ print "\nProof Of Concept Sql Inject on ProFTPD\n"; print "Usage: perl poc-sqlftp <target> [1=Alternate query]\n\n"; exit(0); }; $server = $ARGV[0]; $query = $ARGV[1]; $remote = IO::Socket::INET->new(Proto ...

NVD-CWE-Other http://www.debian.org/security/2003/dsa-338 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html https://nvd.nist.gov https://www.debian.org/security/./dsa-338 https://www.exploit-db.com/exploits/43/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0500

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect