phpWebLog

Programming Languages: PHP

License: GNU General Public License (GPL)

Repositories

CVS browse code, statistics cvs -d:pserver:anonymous@phpweblog.cvs.sourceforge.net:/cvsroot/phpweblog login cvs -z3 -d:pserver:anonymous@phpweblog.cvs.sourceforge.net:/cvsroot/phpweblog co -P modulename

What's happening?

MySQL INJECTION EXPLOIT

THE BUG WAS FOUND IN: func.inc.php function F_loginUser($Username,$Password) { global $db; $sql = "UPDATE T_Users SET "; $sql .= "LastLogin = now() "; $sql .= "WHERE Username = '$Username' "; $sql .= "AND Password = '" . md5($Password) . "' "; $sql .= "AND Verified = 'Y'"; mysql_query($sql,$db); if (mysql_affected_rows()>0) { return true; The input is not sanitized.

2009-10-30 18:30:58 UTC by tavezbadalov

Bugs (7 open / 38 total)
Feature Requests (2 open / 4 total)
Mailing Lists (1 total)
CVS Repository (0 commits, 29 reads)
Browse CVS

phpWebLog

Code

Repositories

What's happening?

MySQL INJECTION EXPLOIT

Links You May Need

Project Admins

Our Numbers

About SourceForge

Find Software

Develop Software

Community

Help