Py-Membres 4.x - 'Pass_done.php' SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054125 漏洞类型
发布时间 2003-08-26 更新时间 2003-08-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23061
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8500/info

A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries.

It has been reported that an input validation error exists in the pass_done.php file included with Py-Membres. Because of this, a remote attacker may launch SQL injection attacks through the software. 

http://www.example.com/pass_done.php?Submit=1&email='%20OR%203%20IN%20(1,2,3)%20INTO%20OUTFILE%20'/complete/path/file.txt