"portailphp v1.3" inurl:"index.php?affiche" inurl:"PortailPHP" -site:safari-msi.com

  • 日期:2005-06-03
  • 类别:
  • 作者:anonymous
  • 语法:"portailphp v1.3" inurl:"index.php?affiche" inurl:"PortailPHP" -site:safari-msi.com
  • Vulnerability has been found in parameter "id". If this variableAny value it is possible to replace it with a sign ' is transferredSince this parameter is involved in all modules, all of themAre vulnerable.It occurs because of absence of a filtration of parameter id.Exampleshttp://example/index.php?affiche=News&id='[SQL inj]http://example/index.php?affiche=File&id='[SQL inj]http://example/index.php?affiche=Liens&id='[SQL inj]http://example/index.php?affiche=Faq&id='[SQL inj]The conclusionVulnerability is found out in version 1.3, on other versionsDid not check. Probably they too are vulnerable.