
SQL Injection [CVE-2012-3477]

Open tlhunter opened this issue 13 years ago • 0 comments

Hello Thomas,

There is a blind SQL injection flaw in the signup_check.php file, specifically with the "value" parameter. Here is a URL that will demonstrate the issue:

http://localhost/signup_check.php?field=username&value='+OR+SLEEP(5)+OR+'

See line #29 for the issue.

--Adam Caudill http://adamcaudill.com

tlhunter, Aug 25 '12 20:08
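A hardened form of the kind of availability check the report describes, as an added example that is not neoinvoice's code or part of the original issue. It assumes a `users` table with `username` and `email` columns, a PDO connection, and the hypothetical helper names `is_value_taken` and `handle_request`; the in-memory SQLite data is constructed so the block runs offline.

```php
<?php
// Added example, not the project's code. Table, columns and helper names are assumptions.
declare(strict_types=1);

// Column names cannot be bound as parameters, so the user-supplied "field"
// is mapped onto a fixed allowlist instead of being interpolated.
const CHECKABLE_FIELDS = [
    'username' => 'username',
    'email'    => 'email',
];

function is_value_taken(PDO $db, string $field, string $value): bool
{
    if (!array_key_exists($field, CHECKABLE_FIELDS)) {
        throw new InvalidArgumentException('Unsupported field');
    }
    $column = CHECKABLE_FIELDS[$field];

    // "value" reaches the database only as a bound parameter, so input such as
    // ' OR SLEEP(5) OR ' is compared as a literal string and never parsed as SQL.
    $stmt = $db->prepare("SELECT 1 FROM users WHERE $column = :value LIMIT 1");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchColumn() !== false;
}

// Returns [HTTP status, response body] for a query-string array like $_GET.
function handle_request(PDO $db, array $query): array
{
    $field = $query['field'] ?? '';
    $value = $query['value'] ?? '';
    if (!is_string($field) || !is_string($value) || $value === '' || strlen($value) > 255) {
        return [400, ['error' => 'invalid request']];
    }
    try {
        return [200, ['taken' => is_value_taken($db, $field, $value)]];
    } catch (InvalidArgumentException $e) {
        return [400, ['error' => 'invalid request']];
    }
}

// Constructed demo data; the application would pass its own PDO connection.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (username TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.test')");

var_dump(handle_request($db, ['field' => 'username', 'value' => 'alice']));
var_dump(handle_request($db, ['field' => 'username', 'value' => "' OR SLEEP(5) OR '"]));
var_dump(handle_request($db, ['field' => 'password', 'value' => 'x']));
```

With a MySQL connection, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use server-side prepared statements rather than client-side emulation.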