Exploit PHP TopSites 2.0/2.2 - 'edit.php' SQL Injection

[Exploiter]

EDB-ID

22177

Проверка EDB

1. Пройдено

Автор

CYBERARMY APPLICATION

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

N/A

Дата публикации

2003-01-15

source: https://www.securityfocus.com/bid/6625/info

A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied URI parameters it is possible for an attacker to embed SQL commands into certain page requests. This may result in another users private information being disclose to an attacker.

http://examplewebsite.com/topsitesdirectory/edit.php?a=pre&submit=&sid=siteidnumber--