Login Manager memberlist.php keyword Variable SQL Injection

2007-01-20T19:52:11
ID OSVDB:36103
Type osvdb
Reporter OSVDB
Modified 2007-01-20T19:52:11

Description

Manual Testing Notes

http://[target]/psm/admin/memberlist.php?keyword=[SQl]&p=a&by=1&sbmt1=++Search++&init_row=0&sort=create_time&sq=desc&status=1

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0467.html ISS X-Force ID: 31616 CVE-2007-0403