Softbiz Dating Script search_results.php Multiple Variable SQL Injection

2006-06-22T05:04:03
ID OSVDB:26793
Type osvdb
Reporter OSVDB
Modified 2006-06-22T05:04:03

Description

Manual Testing Notes

http://[target]/search_results.php?country=1[SQL] http://[target]/search_results.php?pg=2&sort_by=1[SQL]

References:

Vendor URL: http://www.softbizscripts.com/ Secunia Advisory ID:20802 Related OSVDB ID: 26796 Related OSVDB ID: 26795 Related OSVDB ID: 26797 Related OSVDB ID: 26794 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0517.html FrSIRT Advisory: ADV-2006-2512 CVE-2006-3271 Bugtraq ID: 18605