Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#2 SQL Injection

open
nobody
None
5
2009-05-12
2009-05-12
billy anzovino
No

By providing a username and the password as ' or 1=1;-- you are able to gain access as any user that exists, and from that you can give yourself an account with any privileges you would like.

Discussion

  • Not sure if you have to enter exactly 'or 1=1'.
    Seems that you have access if you know the username only. You can use any passwort you want to login.