Results 1 to 2 of 2

Thread: Possible SQL injection in PHPLicenser 1.0 found.

  1. #1

    Default Possible SQL injection in PHPLicenser 1.0 found.

    http://yabsoft.yabsoft.info/client/view_order.php?order_id='1

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' and o.client_id='137'' at line 3 SQL=select o.*,p.name from orders as o left join product as p on p.product_id=o.product_id where o.order_id=''1' and o.client_id='137'

    Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/yabsoft/public_html/yabsoft/client/includes/database.php on line 247
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' and o.client_id='137'' at line 3 SQL=select o.*,l.keycode,l.license_id from licenses as l left join orders as o on l.order_id=o.order_id where o.order_id=''1' and o.client_id='137'

    Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/yabsoft/public_html/yabsoft/client/includes/database.php on line 282

  2. #2

    Default

    its called vulnerability

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •