• info
• discussion
• exploit
• solution
• references

Dokeos Viewtopic.PHP SQL Injection Vulnerability


This issue can be exploited through a web client.

The following proof of concept is available:

http://www.example.com/claroline/phpbb/viewtopic.php?cidReq=102&gidReq=&forum=1&0&forumview=threaded&topic=1[blind_sql_inject]