|
|
Posted by Ignoramus20689 on 08/22/06 15:18
While trying to signon at a website, I got the following PHP code
back. I suppose that their apache was mistakenly returning php text
instead of executing it.
<?php
if (!defined("INCLUDED"))
include "include.php3";
$sql = mysql_query("select * from registrants where Account_Username='$username' AND Account_Password='$password'");
if (@mysql_num_rows($sql) == 0) {
include "registrationphp.html";
} else {
include "upcomingregister.php3";
}
?>
I am not a PHP expert (I do mod_perl), but it would seem that this
code is likely to be a good candidate for SQL injection attack. Is
that the case? If so, I would write to them.
Fo instance, I could supply a password between >>> and <<<:
>>>' or 1=1 or a = 'a<<<
and sign on as any known to me username (these are not hard to find
out, this is an auctioneer who displays high bidder id)
i
Navigation:
[Reply to this message]
|