Exploit – mysql_real_escape_string

Proof of Concept – mysql_real_escape_string SQL Injection Exploit
Result – Returns ALL Db records due to missing quotes around variable in query

Leave a Reply

Your email address will not be published. Required fields are marked *