PHP/MySQL Classifieds (PHP Classifieds) search.php rate Variable SQL Injection

2006-06-28T06:19:14
ID OSVDB:26923
Type osvdb
Reporter OSVDB
Modified 2006-06-28T06:19:14

Description

Manual Testing Notes

http://[target]/search.php?rate=[sql]

References:

Secunia Advisory ID: 20880
Related OSVDB ID: 26922
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0618.html
ISS X-Force ID: 27453
CVE-2006-3329
Bugtraq ID: 18713