|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
xoops mylinks module - sql injection
root
hanicker.it
Date: Fri Nov 09 2007 - 05:38:55 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I have found a mysql injection vulnerability in
mylinks xoops module
brokenlink.php page where
$_GET['lid'] is not validated by intval() or any other input validation.
See:
modules/mylinks/brokenlink.php?lid=1%20OR%201=2
or get an error of fetch in the page title
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]