Bugtraq mailing list archives

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

From: martin.meredith () vbulletin com
Date: 21 May 2008 09:16:20 -0000

This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB. 

Once again, this is invalid

Current thread:

Vbulletin 3.7.0 Gold >> Sql injection on faq.php a . jasbi (May 20)
- <Possible follow-ups>
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php martin . meredith (May 21)
  - Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php Matias Blanco (May 21)
- Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php andy . huang (May 23)
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php skyline (May 27)