Vulnerability details :
 
Kostenloses Linkmanagementscript view.php id Parameter SQL Injection 
 
     Fiche

Fiche créée le 2008-05-16 20:36:12, dernière mise à jour le 2009-10-23 05:58:53

Kostenloses Linkmanagementscript contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.
http://[target]/[path]/view.php?id='/**/union/**/select/**/now(),load_file(0x2f6574632f706173737764)/**/from/**/mysql.user/*
 
 
 
External refs :
OSVDB  45224
 
 
 
 

 
 


Free consultation (search)
 
  Fill one or some of the fields below :
   
Vendor
 
Title
 
Vulnerability ref.
 
 
   
 
   
Individual alerts
 
You determine with one profile dynamic and assisted, all your material and software equipment.
We shall inform you then automatically, as soon as a notification of security will concern one or several elements of it profile.
Every notification is definite, consists of numerous information to determine risk and to protect itself from it.
 
Login:
Pass:
 
Free online subscription
© Power4Security.com - BMS Ltd UK 2007-2008 - powered by Power4Website.com
Partenaires : Anti-spam - Hébergement France - MySQL Php Suisse - Hosting Canada - Web Php Maroc - WebmasterMalin
Guide de l'affiliation - Guide du paiement électronique et de l'e-currency - Annuaire du Web - Solution e-commerce - Externalisation et outsourcing
e-Marketing et e-Mailing - Comparaison de services - Comparateur Marchands - Bons plans par email - Tests de personnalité et de QI
SMS API - Forums et Petites Annonces Gratuites - Rencontres - Sonneries - Offres du Web - Arrêter de fumer - Guide des mobiles et PDA