Great idea...
Posted November 16th, 2008 by LiquidBrain
This is a great idea, I like it very much, but I think that it is impossible to cover all variants of injection...
I managed to log in using simple
username: admin
password: password') OR ('1'='1
creating the following query:
SELECT * FROM user WHERE name='admin' and pwd=SHA('password') OR ('1'='1')
--
Milan Cvejic

Comments
Thank you for the bug report.
I will handle it ASAP.
Yuli
Did you already fix the issue? Same concept worked for me:
username: admin''' or 1=1 or '
password: lalala
Hi ahh
Thanks for reporting this issue.
This is basically another bug. Not related to the one posted at the start of this thread.
I just fixed your bug in the SVN and will update the demo version with the newest version.
Thanks again,
Yuli
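Why the two logins quoted in this thread succeed, as an added example that is not part of the original posts or the project's code: AND binds tighter than OR, so the trailing OR ('1'='1') makes the whole WHERE clause true, while the same inputs passed as bound parameters are only ever compared as data. Assumptions: an in-memory SQLite table stands in for the demo's user table, SHA() is emulated with SHA-1, the stored password is constructed, and the second login is assumed to go through the same concatenated query template.

```python
import hashlib
import sqlite3

def make_db():
    """In-memory stand-in for the demo's user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    # SQLite has no SHA(); register a SHA-1 hex function under that name.
    db.create_function("SHA", 1, lambda s: hashlib.sha1(s.encode()).hexdigest())
    db.execute("CREATE TABLE user (name TEXT, pwd TEXT)")
    db.execute("INSERT INTO user VALUES ('admin', SHA('correct horse'))")
    return db

def build_concat_query(username, password):
    """The query text produced by string concatenation, as in the first post."""
    return ("SELECT * FROM user WHERE name='" + username +
            "' and pwd=SHA('" + password + "')")

def login_concat(db, username, password):
    """Vulnerable check: user input is parsed as part of the SQL statement."""
    return db.execute(build_concat_query(username, password)).fetchone() is not None

def login_param(db, username, password):
    """Same check with bound parameters: input never becomes SQL syntax."""
    row = db.execute("SELECT * FROM user WHERE name=? AND pwd=SHA(?)",
                     (username, password)).fetchone()
    return row is not None

# The two credential pairs quoted in the thread, plus an ordinary wrong password.
ATTEMPTS = [
    ("admin", "password') OR ('1'='1"),
    ("admin''' or 1=1 or '", "lalala"),
    ("admin", "wrong guess"),
]

if __name__ == "__main__":
    db = make_db()
    for user, pwd in ATTEMPTS:
        print(build_concat_query(user, pwd))
        print("  concatenated:", login_concat(db, user, pwd),
              "| parameterized:", login_param(db, user, pwd))
```
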