From: Miguel A. B. L. <mig...@ho...> - 2004-01-30 18:54:47
|
Hi, I have been taking a look to some hacking pages ( oops, did I say hacking? ) and I have found something called SQL injection, and after a few examples I wondered if Marauroa is vulnerable to those attacks... Well, the nice part, using username="b\' or 1=1 or username like 'b" and password="b\' or 1=1 or password like 'b" gives you access to any marauroa server :D I am working on fixing it. I would really appreciate help on the security area as it is something a bit beyond my actual knowledge. Regards, Miguel _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus |