[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SQL injection - GestDownV1.00Beta
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: SQL injection - GestDownV1.00Beta
- From: bebe@xxxxxxxxx
- Date: 9 Dec 2007 02:49:47 -0000
catdownload.php (line 16)
$sql = ('SELECT * FROM downloads WHERE categorie='.$categorie.'');
download.php (line 6)
mysql_query('SELECT * FROM `downloads` WHERE categorie=' . $_GET['id']);
hitcounter.php (line 15)
$requete = "SELECT lien FROM downloads WHERE id=$id";
download:
http://www.01php.com/fiche-scripts-148.html