IT Security and Insecurity Portal

myBloggie 2.x problem in Sql injection

Posted: Tue Sep 06, 2005 3:37 pm
elmut (Beginner; Joined: Sep 06, 2005; Posts: 1)

Hello,
Today secunia.com reported an SQL injection vulnerability in myBloggie 2.1.3 and prior: http://secunia.com/advisories/16699/
Here is the code of the login.php file:
Code:
    if (isset($_POST['username'])) {
        $username=$_POST['username'];
    } else $username="";
    .
    .
    .
    $result = mysql_query( "SELECT user FROM ".USER_TBL." WHERE user='$username'
    AND password='$passwd'" ) or error( mysql_error() );
    if( mysql_num_rows( $result ) != 1 )
        message($lang['Error'],$lang['Msg_invalid_pass']) ;
    else
    {
        session_start();
        $_SESSION['username'] = $username;
        $_SESSION['passwd'] = $passwd;
        header( "Location: ./admin.php" );
    }

I'm trying to exploit this vulnerability, but when I send
username= 'UNION SELECT user from blog_user/*
I get this error message: "The used SELECT statements have a different number of columns"
The complete query after SQL injection is:
SELECT user FROM blog_user WHERE user=''UNION SELECT user from blog_user/*
Why doesn't this injection work?
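
Added example (not part of the original post and not myBloggie's code): a hardened form of the login check above, with the username passed as a bound parameter instead of being concatenated into the query. It assumes PDO with an in-memory SQLite database standing in for MySQL, constructed sample rows, and a `password` column holding a `password_hash()` value; `check_login` is a hypothetical name.

```php
<?php
// Added example, not myBloggie code. Assumptions: PDO with the SQLite driver
// stands in for the MySQL database, and the password column holds a
// password_hash() value (the page does not show how $passwd is derived).

function check_login(PDO $db, string $username, string $passwd): bool
{
    // The username travels as a bound parameter, so quotes and comment
    // markers in it are data and cannot change the statement's structure.
    $stmt = $db->prepare('SELECT password FROM blog_user WHERE user = :user');
    $stmt->execute([':user' => $username]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);

    // Same rule as the original: exactly one matching row, otherwise reject.
    if (count($rows) !== 1) {
        return false;
    }
    return password_verify($passwd, $rows[0]);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog_user (user TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO blog_user (user, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ['admin', 'correct horse'],                    // valid credentials
    ['admin', 'wrong'],                            // wrong password
    ["'UNION SELECT user from blog_user/*", 'x'],  // string quoted in the post
];
foreach ($cases as [$u, $p]) {
    $verdict = check_login($db, $u, $p) ? 'accepted' : 'rejected';
    printf("%-40s => %s\n", $u, $verdict);
}
```

With the MySQL PDO driver, set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared server-side. The original's `or error( mysql_error() )` also returns database error text to the client; logging it server-side instead keeps query details out of responses.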