Menu

#36 SQL injection

v_1.2.x
open
nobody
Security issues (2)
5
2006-04-19
2006-04-19
Anonymous
No

SQL injection exists in PMtool in parameter 'order'.

It reveals the table name and column name.

http://www.pmtool.org/demo/index.php

Credit: Pratiksha Doshi, Security Anaylst, NII Consulting

Best Regards
Pratiksha Doshi

Discussion

Log in to post a comment.

MongoDB Logo MongoDB