This is a writeup describing a SQL injection vulnerability in Contact Manager 1.0. The vulnerability occurs in the 'login.php' file when the 'forgot' parameter is set to '2' and the 'femail' parameter is used in an unsanitized SQL query.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Contact Manager 1.0
No auth needed
Prerequisites:Access to the vulnerable application