Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18633
HistoryDec 13, 2007 - 12:00 a.m.

SQL injection - GestDownV1.00Beta

2007-12-1300:00:00
vulners.com
17

catdownload.php (line 16)
$sql = ('SELECT * FROM downloads WHERE categorie='.$categorie.'');

download.php (line 6)
mysql_query('SELECT * FROM `downloads` WHERE categorie=' . $_GET['id']);

hitcounter.php (line 15)
$requete = "SELECT lien FROM downloads WHERE id=$id";

download:
http://www.01php.com/fiche-scripts-148.html