Open tlhunter opened 12 years ago
Hello Thomas,
There is a blind SQL injection flaw in the signup_check.php file, specifically with the "value" parameter. Here is a URL that will demonstrate the issue:
http://localhost/signup_check.php?field=username&value='+OR+SLEEP(5)+OR+'
See line #29 for the issue.
--Adam Caudill http://adamcaudill.com
Hello Thomas,
There is a blind SQL injection flaw in the signup_check.php file, specifically with the "value" parameter. Here is a URL that will demonstrate the issue:
http://localhost/signup_check.php?field=username&value='+OR+SLEEP(5)+OR+'
See line #29 for the issue.
--Adam Caudill http://adamcaudill.com