
PunBB SQL Injection and Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URI for the SQL-injection issue is available:

http://www.example.com/search.php?action=search&keywords=hello&author=&forum=-1&search_in=all&sort_by=0&sort_dir=DESC&show_as=topics&search=1&result_list[< UNION SQL QUERY >/*]&1763905137=1&1121320991=1
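
For defenders reviewing web-server logs, the shape of the proof-of-concept above (a query parameter whose bracketed array key carries query text instead of a plain index) can be searched for directly. The following is an added example, not part of the original advisory or of PunBB; the log lines are constructed, and the rule that a legitimate key is a short alphanumeric token is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
KEY = re.compile(r"\[([^\]]*)\]")
# Assumption: a legitimate array key or parameter name is a short plain token.
TOKEN = re.compile(r"[A-Za-z0-9_]{0,32}")

def suspicious_params(target, script="search.php"):
    """Return decoded parameter names whose bracketed key is not a plain token."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + script):
        return []
    flagged = []
    # keep_blank_values=True matters: the PoC parameter has no "=value" part,
    # and parse_qsl drops such fields by default.
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        keys = KEY.findall(name)
        if not keys:
            continue
        base = KEY.sub("", name)  # what is left outside the brackets
        if not TOKEN.fullmatch(base) or not all(TOKEN.fullmatch(k) for k in keys):
            flagged.append(name)
    return flagged

def scan(lines):
    """Return [(line_number, flagged_names)] for matching access-log lines."""
    results = []
    for number, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        flagged = suspicious_params(m.group(1)) if m else []
        if flagged:
            results.append((number, flagged))
    return results

# Constructed sample lines (documentation IP range, made-up timestamps).
# Line 2 carries the page's placeholder payload, percent-encoded; "ids[0]" in
# line 3 is a hypothetical benign array parameter.
Q = "action=search&keywords=hello&author=&forum=-1&search_in=all&sort_by=0&sort_dir=DESC&show_as=topics&search=1"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /search.php?{Q} HTTP/1.1" 200 5120',
    f'192.0.2.66 - - [01/Jan/2009:10:00:05 +0000] "GET /search.php?{Q}&result_list[%3C%20UNION%20SQL%20QUERY%20%3E/*]&1763905137=1&1121320991=1 HTTP/1.1" 200 7300',
    '192.0.2.10 - - [01/Jan/2009:10:00:09 +0000] "GET /search.php?action=show_new&ids[0]=3 HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(number, names)
```

Only the second sample line is reported; the ordinary search and the request with a numeric array key pass.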

Copyright 2009, SecurityFocus