Vulnerability Development mailing list archives

OWL Intranet Engine


From: tony () libpcap net
Date: Sun, 18 May 2003 01:59:13 -0400

I was checking out the advisory, and noticed this clip:

        // Remove this else in a future version
        else {
            if ($username == "admin") {
                $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");

I wonder what would happen if username was admin, and password was:
' OR 1=1 AND username = 'admin

Seems like a highly likely candidate for SQL injection.. anyone care to
give a little insight? Perhaps even test it out using httpush or
something?

-- 
+ Microsoft doesn't believe in free() code.
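
The query shape from the clip, run against an in-memory SQLite table next to a parameterized version, as an added example that is not part of the original post or of Owl's code. Python and sqlite3 stand in for the PHP original; the table name owl_users, its two plaintext columns and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data; the table layout is an assumption based on the clip.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table owl_users (username text, password text)")
    db.executemany("insert into owl_users values (?, ?)",
                   [("admin", "s3cret-constructed"),
                    ("guest", "guest-constructed")])
    return db

def build_concat_query(username, password):
    # Same shape as the clip: request values pasted straight into the SQL text.
    return ("select * from owl_users "
            f"where username = '{username}' and password = '{password}'")

def login_concat(db, username, password):
    # The database parses whatever quotes and keywords the values contain.
    return db.execute(build_concat_query(username, password)).fetchall()

def login_param(db, username, password):
    # Placeholders keep the values as data; quotes in them are never parsed as SQL.
    return db.execute(
        "select * from owl_users where username = ? and password = ?",
        (username, password)).fetchall()

# Password value quoted in the post.
POSTED_PASSWORD = "' OR 1=1 AND username = 'admin"

if __name__ == "__main__":
    db = make_db()
    # AND binds tighter than OR, so the second half of the condition
    # matches the admin row without any password comparison.
    print(build_concat_query("admin", POSTED_PASSWORD))
    print("concatenated: ", login_concat(db, "admin", POSTED_PASSWORD))
    print("parameterized:", login_param(db, "admin", POSTED_PASSWORD))
```

In the parameterized form the posted value is compared as a literal password string, so it matches no row.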

