MySQL Freaks Site’s Vulnerability
July 20, 2006
Posted by ordinarywebguy in MySQL.
One day, I needed a MySQL statement syntax and browsed to mysqlfreaks.com. I tried to log in to my phpfreaks.com account, but it did not seem to work at all (just trying). Then, after a few clicks of searching, what I discovered came as a surprise to me. Click the image to see.
I was logged in as phpfreak (admin user). Whew! This is not good for the mysqlfreaks admins. If I were on the black hat side, I would mess with the site. (Good thing I am a white hat.) I immediately submitted a report about the bug to them. Let us see if they do something to fix it.
Here’s what I did:
1. Visit http://www.mysqlfreaks.com.
2. Put any string on both username and password fields.
3. Click submit.
4. Browse to http://mysqlfreaks.com/mysql_statements.php
Now you can see what the above image shows.
Note: Please don’t mess with the site.
