10 lines
No EOL
630 B
Text
10 lines
No EOL
630 B
Text
source: https://www.securityfocus.com/bid/23400/info
|
|
|
|
DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
|
|
|
|
These issues affect DropAFew 0.2; prior versions may also be affected.
|
|
|
|
# create new user
|
|
wget --save-cookies cookies --keep-session-cookies --post-data='username=exploit&password=1&password_confirm=1' http://[target]/calorie/newaccount2.php |