MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) SQL Injection

The vulnerability exists within albums.php:

	<?
		/*Line 69*/	$aid = $mybb->input['album']; 
		/*Line 86*/	$query_add_breadcrumb = $db->simple_select("albums", "*", "aid='".$aid."'");
	?>

/albums.php?action=editimage&image=[Vaild_ID]&album=[Vaild_albu
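
The concatenation pattern on lines 69 and 86 next to a validated form, as an added example (not the plugin's code or a MyBB patch). It assumes `aid` is an integer column; `StubDb` and `album_id_or_null()` are hypothetical names, and `StubDb` only returns the SQL text a `simple_select`-style helper would assemble.

```php
<?php
// Hypothetical stand-in for the database object: it builds and returns the
// query text instead of executing it, so the effect of each input is visible.
class StubDb {
    public $table_prefix = 'mybb_'; // assumed prefix for the sample output

    public function simple_select($table, $fields = '*', $conditions = '') {
        $sql = "SELECT {$fields} FROM {$this->table_prefix}{$table}";
        if ($conditions !== '') {
            $sql .= " WHERE {$conditions}";
        }
        return $sql;
    }
}

// Hypothetical helper: accept only a short, positive decimal integer.
// Anything else (quotes, signs, empty string, arrays) yields null.
function album_id_or_null($raw) {
    if (!is_string($raw) || strlen($raw) > 10 || !ctype_digit($raw)) {
        return null;
    }
    $aid = (int)$raw;
    return $aid > 0 ? $aid : null;
}

$db = new StubDb();
$inputs = array('12', "12'x", '', '-3'); // constructed sample request values

foreach ($inputs as $raw) {
    // Pattern from the advisory: request value concatenated into the condition.
    $original = $db->simple_select('albums', '*', "aid='" . $raw . "'");

    // Hardened: validate first, then build the condition from the integer only.
    $aid = album_id_or_null($raw);
    $hardened = ($aid === null)
        ? '(rejected, no query built)'
        : $db->simple_select('albums', '*', "aid='" . $aid . "'");

    echo 'input:    ' . var_export($raw, true) . "\n";
    echo "original: {$original}\n";
    echo "hardened: {$hardened}\n\n";
}
```

For the second sample value the original form emits a condition in which the quote from the request closes the string literal early, while the hardened form builds no query at all.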
