Description - SQL Injection Vulnerability in AndoNET Blog
SQL Injection found in AndoNET Blog script.
- Exploit: Available
- Solution: Not available - check vendor's website
Vulnerable script: comentarios.php
The variable $HTTP_GET_VARS['entrada'] isn't properly sanitized before being used in a SQL query. An attacker can use this to inject arbitrary SQL code and make the script run any SQL query.
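
With no vendor fix available, one way to close this class of bug in a script like comentarios.php is to validate the parameter and bind it in a prepared statement. The following is an added example, not code from AndoNET Blog or from this advisory; the table and column names and the assumption that 'entrada' is a numeric entry id are hypothetical.

```php
<?php
// Added example, not AndoNET Blog code. Table/column names and the
// assumption that 'entrada' is a numeric entry id are hypothetical.

// Pattern the advisory describes (request value concatenated into SQL):
//   $sql = "SELECT ... WHERE id_entrada = " . $HTTP_GET_VARS['entrada'];

// Accept only a positive integer; anything else yields null.
function parse_entrada($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value or array input such as entrada[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query with a bound parameter so the value is never parsed as SQL.
function fetch_comments(PDO $pdo, int $entrada): array
{
    $stmt = $pdo->prepare(
        'SELECT autor, texto FROM comentarios WHERE id_entrada = :entrada'
    );
    $stmt->bindValue(':entrada', $entrada, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE comentarios (id_entrada INTEGER, autor TEXT, texto TEXT)');
$pdo->exec("INSERT INTO comentarios VALUES (1, 'ana', 'first'), (2, 'luis', 'second')");

// Constructed request values: one valid id and three that must be rejected.
foreach (['1', '1 OR 1=1', '', ['1']] as $raw) {
    $entrada = parse_entrada($raw);
    if ($entrada === null) {
        echo "rejected: ", json_encode($raw), "\n";
        continue;
    }
    foreach (fetch_comments($pdo, $entrada) as $row) {
        echo htmlspecialchars($row['autor'], ENT_QUOTES, 'UTF-8'), ': ',
             htmlspecialchars($row['texto'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The bound parameter is what prevents injection; the integer check is a second layer that lets the script return a clean error instead of running a query on malformed input.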


