IG Calendar SQL Injection Jan 05 2007 05:52AM
asdfj38 yahoo com
SQL Injection in ig-Calendar. This works regardless of magic_quotes_gpc!
Dumps mysql login information:,User,P
./user.php line 52:
$query = 'SELECT * FROM users WHERE id='.$id;
Should have used quote marks.

Vendor's page:http://www.igeneric.co.uk
download: http://www.igeneric.co.uk/files/ig-calendar-1.0.zip

By Michael Brooks.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus