BugTraq
Back to list
|
Post reply
Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
May 21 2008 09:16AM
martin meredith vbulletin com
(1 replies)
Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
May 21 2008 06:21PM
Matias Blanco (blue corest com)
This exploit is valid. We've just exploted it.
VBulletin 3.7.0 Gold.
martin.meredith (at) vbulletin (dot) com [email concealed] wrote:
> This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.
>
> Once again, this is invalid
>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
VBulletin 3.7.0 Gold.
martin.meredith (at) vbulletin (dot) com [email concealed] wrote:
> This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.
>
> Once again, this is invalid
>
[ reply ]