Search found 2 matches

by louiz'
12 May 2009, 07:06
Forum: Development
Topic: [Security issue] sql injection
Replies: 3
Views: 3159

Re: [Security issue] sql injection

Here is a screenshot
http://louiz.org/mysql_error.png

login : louiz'
password : teub
(of course, I fixed this flaw on my server ;) And it's not my real password ;))
by louiz'
11 May 2009, 23:22
Forum: Development
Topic: [Security issue] sql injection
Replies: 3
Views: 3159

[Security issue] sql injection

On the login page.
Try to log with something with a ' in it.
For example with « louiz' »

You will see a mysql error.
The $_POST['login'] and $_POST['password'] are not protected and can be used to do a mysql injection.

Please fix.

Go to advanced search