-
The attack that I mentioned above using " admin' -- " is ineffective,
however the following attacks work:
To login with a username you are already familiar with, for example admin:
username: admin
password: ' OR '1' = '1
or if you don't know a username:
username: ' OR '1' = '1
password: ' OR '1' = '1
will log you in as the first user in the result set. The patch is still good.
2009-05-13 22:45:04 UTC by nobody
-
All the user authentication is encapsulated in login.php and that contains a weakness that leaves the software open to a simple SQL Injection attack. Note line 8 of login.php:
LOGIN.PHP
==================
..............
2009-05-12 23:58:40 UTC by nobody
-
when i insert the keld.sql mysql gives me this error message:
Error
SQL query:
# phpMyAdmin MySQL-Dump
# http://phpwizard.net/phpMyAdmin/
#
# Host: mysql303.ixwebhosting.com Database : atrain_news
# --------------------------------------------------------
#
# Table structure for table 'explanations'
#
CREATE TABLE explanations(
owner text NOT NULL ,
name text NOT NULL ...
2009-01-03 20:05:59 UTC by aleckzweight
-
dolmant committed patchset 2 of module keld to the Keld: PHP-MySQL News Script CVS repository, changing 14 files.
2001-05-01 05:34:08 UTC by dolmant
-
dolmant committed patchset 1 of module keld to the Keld: PHP-MySQL News Script CVS repository, changing 14 files.
2001-05-01 05:34:08 UTC by dolmant
-
Anonymous committed patchset 1 of module CVSROOT to the Keld: PHP-MySQL News Script CVS repository, changing 11 files.
2001-05-01 02:10:42 UTC by nobody
-
registered the Keld: PHP-MySQL News Script project.
2001-04-30 07:39:50 UTC by
