by r0t,der4444,cembo,VietMafia

Monday, November 14, 2005

PEEL 2.x sql injection

PEEL 2.x sql injection

Author: r0t
Date: 14. nov 2005

software: PEEL 2.x

Tested on 2.6 and 2.7 version

Vuln. Description
Input passed to the "rubid" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Post a Comment

<< Home

Copyright (c) 2006 Pridels Sec Crew