=================== Scripteen Free Image Hosting Script v2.3 SQL Injection vulnerable =================== The vulnerable: header.php (line 53-62) $userid=$_SESSION['userid']; $usergid=$_SESSION['usergid']; if (!$userid || empty($userid) || $userid==""){ $userid = $_COOKIE['cookid']; } if (!$usergid || empty($usergid) || $usergid==""){ $usergid = $_COOKIE['cookgid']; } As you can see $_COOKIE['cookid'] and $_COOKIE['cookgid'] is not filtered and can be used to do an SQL Injection =================== Proof of concept =================== # milw0rm.com [2009-07-24]