Details:
========
A SQL injection vulnerability was detected in the Holi Greeting Cards Facebook application (apps.facebook). The vulnerability allows a remote attacker to inject and execute their own SQL statements on the affected Facebook application's DBMS.

Vulnerable Module(s):
[+] Holi Greeting Cards - Facebook 3rd Party Application

Vulnerable File(s):
[+] invite.php; sent.php; received.php

Affected Application:
[+] http://apps.facebook.com/holigreetingcards/

--- SQL Error Logs ---
Invalid query -- SELECT COUNT(*) FROM appusers WHERE userid = -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near `` at line 1
---
Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration in /home/develope/public_html/holigreetingcards/code.php on line 12

Warning: file_get_contents(https://graph.facebook.com/oauth/access_token?client_id=117795584965727&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fholigreetingcards%2Finvite.php&client_secret=d57cac3eac5ff834718e7c079d5f5580&code=) [function.file-get-contents]: failed to open stream: no suitable wrapper could be found in /home/develope/public_html/holigreetingcards/code.php on line 12
---
Invalid query -- SELECT COUNT(*) FROM gifts_log WHERE giftto = -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near `` at line 1
---
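
The logged statement `SELECT COUNT(*) FROM appusers WHERE userid = ` stops where a value should be, which is consistent with a request value being concatenated into the SQL text. The following is an added example, not code from the advisory or the application: Python's sqlite3 stands in for the PHP/MySQL stack, the function names and sample rows are constructed, and it contrasts a concatenated lookup with a validated, parameter-bound one.

```python
import sqlite3

# Constructed stand-in for the application's database: the table and column
# names come from the advisory's error log, the rows are invented sample data.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE appusers (userid INTEGER PRIMARY KEY)")
    db.executemany("INSERT INTO appusers VALUES (?)", [(1001,), (1002,), (1003,)])
    return db

def count_user_concat(db, userid):
    """'Before' form (assumed): the request value is pasted into the SQL text."""
    sql = "SELECT COUNT(*) FROM appusers WHERE userid = " + userid
    return db.execute(sql).fetchone()[0]

def count_user_bound(db, userid):
    """Hardened form: validate the id, then pass it as a bound parameter."""
    if not (userid.isascii() and userid.isdigit()):
        raise ValueError("userid must be a decimal number")
    sql = "SELECT COUNT(*) FROM appusers WHERE userid = ?"
    return db.execute(sql, (int(userid),)).fetchone()[0]

def probe(func, db, value):
    """Run one lookup and report the count or the class of failure."""
    try:
        return ("ok", func(db, value))
    except sqlite3.Error:
        return ("sql-error", None)   # malformed SQL reached the database
    except ValueError:
        return ("rejected", None)    # stopped before any SQL was built

def demo():
    """Compare both forms on a valid id, an empty value and a non-numeric value."""
    db = make_db()
    results = {}
    for value in ["1001", "", "0 OR 1=1"]:
        results[value] = (probe(count_user_concat, db, value),
                          probe(count_user_bound, db, value))
    return results

if __name__ == "__main__":
    for value, (before, after) in demo().items():
        print(f"{value!r:12} concat={before} bound={after}")
```

The empty value reproduces the class of syntax error shown in the log for the concatenated form, while the hardened form rejects it before the database is involved.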