by r0t,der4444,cembo,VietMafia

Monday, November 14, 2005

PEEL 2.x sql injection


PEEL 2.x sql injection

Author: r0t
Date: 14. nov 2005


software: PEEL 2.x
vendor: http://peel.fr/

Tested on 2.6 and 2.7 version

Vuln. Description
Input passed to the "rubid" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.



0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew