Sunday, July 12, 2009

SQL Injection Test

OK, here is a quick test to see if you are vulnerable to SQL injection.

In your login form use Username: admin'--

This causes the SQL query to treat everything after the username as a comment.

example:

* SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'

This will log you in as the admin user, because the rest of the SQL query is ignored.
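To see why the test works and how to make it fail, here is an added example (not code from the original post) that runs the same query shape against an in-memory SQLite database, once built by string concatenation and once with bound parameters. The `members` table and its columns follow the query above; the function names and the sample password are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data. The plaintext password column only mirrors the
    # query in the post; a real system stores a salted password hash instead.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.execute("INSERT INTO members VALUES ('admin', 's3cret-constructed')")
    return db


def login_vulnerable(db, username, password):
    # String concatenation: the form input becomes part of the SQL text, so a
    # quote followed by -- closes the literal and comments out the password check.
    sql = ("SELECT * FROM members WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Placeholders: the driver binds the input as data, so it is never parsed
    # as SQL and the password comparison always runs.
    sql = "SELECT * FROM members WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for check in (login_vulnerable, login_parameterized):
        # Same test input as in the post, with a wrong password.
        print(check.__name__, check(db, "admin'--", "wrong"))
```

With the parameterized version the test input is looked up as a literal username, no row matches, and the login is rejected.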

Wiredwizrd

Morgan Todd Lewistown, PA

Experienced Information Technology Manager with a strong knowledge of technical guidance, IT best practices, security protocols, team leadership, and analyzing business requirements.