Gforge SQL Injection

Original Advisory: 

The file /www/people/editprofile.php seems to be vulnerable to sql injection at multiple points.

The exploit is fairly easy, one post request returns all the usernames and hashes from the backend database.

The hashes can then be cracked using john-the-ripper.


POST request to:/www/people/editprofile.php



works against postgres database :).

Refer to the paper for exploiting sql injections against postgres database.