SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote malicious users to execute arbitrary SQL commands via the url parameter.
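The exploit notes that follow say the `url` parameter is filtered by stripping tags and converting HTML special characters, and that this is not enough. The added PHP example below (not Pligg's code; the `links` table, the function names and the PDO/SQLite setup are assumptions made for illustration) shows why HTML-oriented filtering does not make a concatenated SQL string safe, next to the bound-parameter form that does.

```php
<?php
// Added example, not code from Pligg. Table, column and function names are hypothetical.

// Filter of the kind the notes describe: strip tags, convert HTML special chars.
// ENT_COMPAT is passed explicitly; with it, single quotes are left untouched.
function html_filter(string $s): string {
    return htmlspecialchars(strip_tags($s), ENT_COMPAT);
}

// Weak form: the filtered value is still spliced into the SQL text.
function lookup_concat(PDO $db, string $url): array {
    $sql = "SELECT id FROM links WHERE url = '" . html_filter($url) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value travels as a bound parameter, never as SQL text.
function lookup_bound(PDO $db, string $url): array {
    $stmt = $db->prepare('SELECT id FROM links WHERE url = ?');
    $stmt->execute([$url]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT)');
$db->exec("INSERT INTO links (url) VALUES ('http://example.com/a')");

// Constructed input: an ordinary-looking URL containing an apostrophe and a tag.
$url = "http://example.com/o'brien<b>";

// Show what the HTML filter changes and what it leaves in place.
echo "filtered: ", html_filter($url), "\n";

try {
    lookup_concat($db, $url);
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    // The apostrophe ended the string literal early, so user data became SQL syntax.
    echo "concatenated query broke: ", $e->getMessage(), "\n";
}

// The bound form treats the same input purely as a value to compare.
echo "bound, odd input: ", count(lookup_bound($db, $url)), " row(s)\n";
echo "bound, known url: ", count(lookup_bound($db, 'http://example.com/a')), " row(s)\n";
```

HTML escaping is output encoding for an HTML context; for SQL the equivalent control is parameter binding, so a code review of a finding like this one should look for any place where request data reaches the query text itself.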
#!/usr/bin/perl
=about
Pligg 9.9.5 Beta Perl exploit
AUTHOR
discovered & written by Ams
ax330d [doggy] gmail [dot] com
VULN DESCRIPTION:
Vulnerability hides in 'evb/check_url.php'
unfiltered $_GET['url'] parameter
Actually, it has filtration
Filtration strips tags and converts html
special chars, but it is not enough,
becaus ...