just been going over some sql exploits did not think these are still easy to access... sample started at 7pm finished at 9.30
results are as follows 14 places accessed out of 23
see samples below on the first site ..just for proof i uploaded my avatar logo
slap in the middle.
no damage done to any site apart from uploading my image
exploit:
hint
using any name for a user i then injected the code in the password field
here are some samples
http://www.xxxxxxx.org.uk
proof my image in the middle link
http://www.xxxxxx.or...ages/Photos.asp
(**edited** image link, avatar has been removed)
a few others were ...nothing touched just explored
http://www.xxxxxxxxxx.com
http://www.xxxxxxxx.com
http://www.xxxxxxxxx.com
exploit not provided...
edited:sites patched
