Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: tb13350.htm

xoops mylinks module - sql injection



xoops mylinks module - sql injection
xoops mylinks module - sql injection



I have found a mysql injection vulnerability in=0D
mylinks xoops module=0D
brokenlink.php page where=0D
$_GET['lid'] is not validated by intval() or any other input validation.=0D
=0D
See:=0D
modules/mylinks/brokenlink.php?lid=1%20OR%201=2=0D
=0D
or get an error of fetch in the page title


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH