I was checking out the advisory, and noticed this clip:

    // Remove this else in a future version
    else {
        if ($username == "admin") {
            $sql->query("select * from $default->owl_users_table where username = '$username' and password = '$password'");

I wonder what would happen if username was admin, and password was:

    ' OR 1=1 AND username = 'admin

Seems like a highly likely candidate for SQL injection.. anyone care to give a little insight? Perhaps even test it out using httpush or something?

--
+ Microsoft doesn't believe in free() code.
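The question in the post can be checked offline. The following is an added example, not code from the post or the advisory: it uses Python's sqlite3 as a stand-in for the PHP and database in the clip, and runs the same query shape once with string interpolation and once with bound parameters. The `users` table, its rows and the function names are constructed for illustration, and it assumes the password value reaches the query without any escaping.

```python
import sqlite3

# Constructed sample data; "users" stands in for $default->owl_users_table.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-hash"), ("guest", "guest-hash")])
    return db

def build_interpolated(username, password):
    # Same shape as the quoted PHP: values pasted straight into the SQL text.
    return ("select * from users where username = '%s' and password = '%s'"
            % (username, password))

def login_interpolated(db, username, password):
    return db.execute(build_interpolated(username, password)).fetchall()

def login_parameterized(db, username, password):
    # Placeholders keep the password as data; its quotes are never parsed as SQL.
    return db.execute(
        "select * from users where username = ? and password = ?",
        (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "' OR 1=1 AND username = 'admin"  # password value from the post
    # AND binds tighter than OR, so the interpolated WHERE clause parses as
    # (username='admin' AND password='') OR (1=1 AND username='admin').
    print(build_interpolated("admin", probe))
    print("interpolated :", login_interpolated(db, "admin", probe))
    print("parameterized:", login_parameterized(db, "admin", probe))
```

With interpolation the admin row comes back without the stored password; with bound parameters the same input matches nothing, while the correct password still does.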
This archive was generated by hypermail 2b30 : Sun May 18 2003 - 19:10:28 PDT