info
discussion
exploit
solution
references
Blog System Multiple SQL Injection Vulnerabilities
No exploit is required.
http://www.example.com/index.php?mode=home&cat=-99[SQL CODE]
http://www.example.com/blog.php?user=[USER]¬e=-99[SQL CODE]
Privacy Statement
Copyright 2010, SecurityFocus
