# Exploit Title: PHP Gift Registry 1.5.5 SQL Injection# Date: 02/22/12# Author: G13# Software Link: https://sourceforge.net/projects/phpgiftreg/# Version: 1.5.5# Category: webapps (php)###### Vulnerability #####
The userid parameter in the users.php fileis vulnerable to SQL
Injection.
A user must be signed in to exploit this.##### Exploit #####
http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi]
