SiT! Bugs

View Revisions: Issue #1395 All Revisions ] Back to Issue ]
Summary 0001395: possible SQL injection
Revision 2010-09-11 12:33 by Tomse
Steps To Reproduce Login to sit as any user, paste the above URL modified to your system (don't forget the sit_users table)

this will list the user admin with the hashed password value in the users field.

I've been able to reproduce this, both in the 3.62 and SVN
Revision 2010-09-08 15:28 by Tomse
Steps To Reproduce

Copyright © 2000 - 2021 MantisBT Team
Powered by Mantis Bugtracker