PHP Gift Registry 1.5.5 – SQL Injection

• Exploit Database
• 10 阅读

• 作者： G13
  日期： 2012-02-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18519/

• # Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
  # Date: 02/22/12
  # Author: G13
  # Software Link: https://sourceforge.net/projects/phpgiftreg/
  # Version: 1.5.5
  # Category: webapps (php)
  #
  
  ##### Vulnerability #####
  
  The userid parameter in the users.php file is vulnerable to SQL 
  Injection.
  
  A user must be signed in to exploit this.
  
  ##### Exploit #####
  
  http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi]