[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dvddb-0.6 media sql-inj. vuln.



This exploit is incorrect. There is no SQL injection attack here. The $user variable is sanitized prior to passing to the function in common.php, and calling the file directly does nothing because it's just a function definition.