Py-Membres 4.x - 'Pass_done.php' SQL Injection
| EKU-ID: 28522 | CVE: | OSVDB-ID: |
| Author: frog | Published: 2003-08-26 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28522 | CVE: | OSVDB-ID: |
| Author: frog | Published: 2003-08-26 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8500/info A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the pass_done.php file included with Py-Membres. Because of this, a remote attacker may launch SQL injection attacks through the software. http://www.example.com/pass_done.php?Submit=1&email='%20OR%203%20IN%20(1,2,3)%20INTO%20OUTFILE%20'/complete/path/file.txt