My Databook diary.php delete Variable SQL Injection

2007-06-04T00:00:00
ID OSVDB:38384
Type osvdb
Reporter OSVDB
Modified 2007-06-04T00:00:00

Description

Manual Testing Notes

http://[target]/apppath/diary.php?month=06&year=2007&day=01&delete=%27 http://[target]/apppath/diary.php?month=06&year=2007&day=01&delete=%00'

References:

Related OSVDB ID: 38385 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0040.html ISS X-Force ID: 34716 CVE-2007-3063 Bugtraq ID: 24311