Description - Multiple SQL Injection in DSDownload
SQL Injection found in DSDownload script.
- Exploit
- Available
- Solution
- Not available - check vendor's website
Vulnerable scripts:
search.php
downloads.php
Variables $key $category are not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
Order Source Code Review made by eVuln
You may order source code review of a website done by our team.The task will be done by specialists in web security.