SQL injection in phpWebThing 1.4.4

2005-11-15T00:00:00
ID SECURITYVULNS:DOC:10221
Type securityvulns
Reporter Securityvulns
Modified 2005-11-15T00:00:00

Description

Vulnerable: phpWebThings 1.4.4 website : http://phpwebthings.org

The bug in download.php

ThE Exploit :

http://www.target.com/download.php?file=|SQL

ThE Error:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by date DESC' at line 1

AhLaM http://www.lezr.com/vb Best Regards ,,,