03.03.2009 - Bugs: [A] SQL Injection [B] Authentication Bypass [C] Local File Inclusion File affected: admin.login.php $username = $_POST['username']; .