Форумы / Cotonti / Bugs / Search SQL injection

Exploit

badc0re
#30790 21.09.2011 10:00

Take a look at 

Java
1
2
3
4
5
6
7
#0  cot_diefatal(SQL error 42S22: Column not found: 1054 Unknown column 'ft_updatedINJECTED_PARAMINJECTED_PARAM' in 'order clause')
 
And
 
GROUP BY t.ft_id ORDER BY ft_updatedINJECTED_PARAMINJECTED_PARAM ASC
 
It looks like sql injection to me.