<<< Date Index >>>     <<< Thread Index >>>

Re: dvddb-0.6 media sql-inj. vuln.



This exploit is incorrect. There is no SQL injection attack here. The $user 
variable is sanitized prior to passing to the function in common.php, and 
calling the file directly does nothing because it's just a function definition.