• info
• discussion
• exploit
• solution
• references

LabStore Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/labstore/stocks/interface_creator/index.php?table_name=proteins&function=search&where_clause=[SQL INJECTION]&page=0&order=nature&order_type=ASC

http://www.example.com/labstore/stocks/interface_creator/index_long.php?table_name=proteins&function=search&where_clause=[SQL INJECTION]&page=0&order=nature&order_type=ASC

http://www.example.com/labstore/stocks/interface_creator/index_short.php?table_name=proteins&function=search&where_clause=[SQL INJECTION]&page=0&order=nature&order_type=ASC