|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: dvddb-0.6 media sql-inj. vuln.
james
globalmegacorp.org
Date: Tue Oct 02 2007 - 14:28:19 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This exploit is incorrect. There is no SQL injection attack here. The $user variable is sanitized prior to passing to the function in common.php, and calling the file directly does nothing because it's just a function definition.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]