Re: dvddb-0.6 media sql-inj. vuln. Oct 02 2007 07:28PM
james globalmegacorp org
This exploit is incorrect. There is no SQL injection attack here. The $user variable is sanitized prior to passing to the function in common.php, and calling the file directly does nothing because it's just a function definition.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus