- SQL injection vulnerability in downloadcrew.com
- Errors are put as comments in the HTML
- Example of vulnerable pages:
- http://downloadcrew.com/?act=search&cat='30
- <!--
- PDOException - SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for integer: "" or "" = ""<p>SELECT * FROM categories WHERE id = :id<br />
- Array<br />
- (<br />
- )<br />
- Stack trace:
- #0 /home/n/q/nqdownloadcrew/web/public_html/classes/class.db.connection.php(123): PDOStatement->execute()<br />
- #1 /home/n/q/nqdownloadcrew/web/public_html/classes/views/view.php(117): DBStatement->execute()<br />
- #2 /home/n/q/nqdownloadcrew/web/public_html/classes/views/category.php(47): View->LoadByStmt(Object(DBStatement))<br />
- #3 /home/n/q/nqdownloadcrew/web/public_html/actions/search.php(73): ViewCategory::LoadByID(Object(DBConnection), '" or "" = "')<br />
- #4 /home/n/q/nqdownloadcrew/web/public_html/index.php(115): require('/home/n/q/nqdow...')<br />
- #5 {main}
- -->
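
A defensive handling of the same request path, as an added example that is not code from the paste or from the site: the `cat` value is checked as an integer before it is bound to `:id`, and any database exception is logged server-side and replaced by a generic message instead of being written into the HTML. The function names, the response array and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not downloadcrew's code. Function names, the response
// shape and the in-memory SQLite table (needs pdo_sqlite) are assumptions.

// Accept only a plain decimal id; anything else never reaches the database.
function parseCategoryId($raw): ?int
{
    if (!is_string($raw) || preg_match('/^[0-9]{1,9}$/D', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

function loadCategory(PDO $db, $rawId): array
{
    $id = parseCategoryId($rawId);
    if ($id === null) {
        return ['status' => 400, 'body' => 'Invalid category.'];
    }
    try {
        $stmt = $db->prepare('SELECT * FROM categories WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Full detail goes to the server log only; the client gets a
        // random reference that support staff can search the log for.
        $ref = bin2hex(random_bytes(4));
        error_log("[category ref=$ref] " . $e->getMessage());
        return ['status' => 500, 'body' => "Internal error (ref $ref)."];
    }
    if ($row === false) {
        return ['status' => 404, 'body' => 'No such category.'];
    }
    $name = htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8');
    return ['status' => 200, 'body' => $name];
}

// Constructed data; the rejected inputs are the two values shown in the paste.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories VALUES (30, 'Security')");
foreach (['30', "'30", '" or "" = "', '31'] as $cat) {
    $r = loadCategory($db, $cat);
    printf("%-14s => %d %s\n", var_export($cat, true), $r['status'], $r['body']);
}
```

In production PHP, `display_errors` should also be off so that uncaught exceptions are not rendered into the response.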