Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

Widget Press Widget Property Property.PHP SQL Injection Vulnerability

No exploit is required.

The following proof of concept examples are available:
http://www.example.com/property.php?action=property&property_id=[SQL]

http://www.example.com/property.php?action=search&city_id=&zip_code
=[SQL]&price=&property_type_id=1&submit=submit

http://www.example.com/property.php?action=search&city_id=&zip_code=
&price=75000&property_type_id=[SQL]&submit=submit

http://www.example.com/property.php?action=search&city_id=&zip_code=
&price=[SQL]&property_type_id=&submit=submit

http://www.example.com/property.php?action=search&city_id=[SQL]&zip_code=
&price=&property_type_id=&submit=submit







 

Privacy Statement
Copyright 2009, SecurityFocus