Bugtraq mailing list archives

Re: SQL IN Open Bulletin Board


From: security curmudgeon <jericho () attrition org>
Date: Tue, 9 Aug 2005 23:35:36 -0400 (EDT)


Each of these has been previously disclosed it seems:

: discussion :- there is many sql in 
:                               (board.php) as wwww.victim.com/openbb/board.php?FID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php

:                               (read.php) as www.victim.com/openbb/read.php?TID=[sql]

2005-05-12
http://archives.neohapsis.com/archives/bugtraq/2005-05/0175.html

:                               (member.php) as www.victim.com/openbb/member.php?action=profile&UID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php


I don't see any indication they were ever fixed, even though a year+ old.

