|
|
DRZES HMS Multiple SQL Injection Vulnerabilities
No exploit is required: Example URI have been provided: http://www.example.com/customers/domains.php?plan_id=[SQL] http://www.example.com/customers/viewinvoice.php?invoiceID=[SQL] http://www.example.com/customers/viewplan.php?customerPlanID=[SQL] http://www.example.com/customers/referred_plans.php?ref_id=[SQL] http://www.example.com/customers/referred_plans.php?sort=id&order=asc&ref_id=[SQL] http://www.example.com/customers/viewusage.php?plan_id=[SQL] http://www.example.com/customers/listcharges.php?customerPlanID=[SQL] http://www.example.com/customers/pop_accounts.php?plan_id=[SQL] http://www.example.com/customers/pop_accounts.php?plan_id=35&domain=[SQL] http://www.example.com/customers/databases.php?plan_id=[SQL] http://www.example.com/customers/databases.php?plan_id=35&domain=[SQL] http://www.example.com/customers/ftp_users.php?plan_id=[SQL] http://www.example.com/customers/ftp_users.php?plan_id=35&domain=[SQL] http://www.example.com/customers/crons.php?plan_id=[SQL] http://www.example.com/customers/crons.php?plan_id=35&domain=[SQL] http://www.example.com/customers/pass_dirs.php?plan_id=[SQL] http://www.example.com/customers/pass_dirs.php?plan_id=35&domain=[SQL] http://www.example.com/customers/zone_files.php?plan_id=[SQL] http://www.example.com/customers/zone_files.php?plan_id=35&domain=[SQL] http://www.example.com/customers/htaccess.php?plan_id=[SQL] http://www.example.com/customers/htaccess.php?plan_id=35&domain=[SQL] http://www.example.com/customers/software.php?plan_id=[SQL] http://www.example.com/customers/software.php?plan_id=35&domain=[SQL] |
|
Privacy Statement |