Bugtraq mailing list archives
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
From: Bastian Ahrens <mail () b3cks com>
Date: Sat, 23 Sep 2006 14:58:25 +0200
Hi,

I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I just get a normal thread page but without any postings. Where is the SQL "injection"? More info would be great.

Greets
Bastian Ahrens

sn4k3.23 () gmail com wrote:

Use it like this:
http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1

Ok, it's kinda useless 'cause it's an "ORDER BY", but u can see:
- the PHP Version
- the MySQL version
- the wBB Version (when it has been faked or removed)

Greets,
666 - www.sr-crew.de.tt