BugTraq
Woltlab Burning Board 2.3.X SQL Injection Vulnerability Sep 21 2006 10:34PM
sn4k3 23 gmail com (1 replies)
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability Sep 23 2006 12:58PM
Bastian Ahrens (mail b3cks com)
Hi,

I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I
just get a normal thread page but without any postings. Where is the
SQL "injection"? More infos would be great.

Greets
Bastian Ahrens

sn4k3.23 (at) gmail (dot) com [email concealed] wrote:
> Use it like this:
>
> http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1
>
> Ok, its kinda useless 'cause it's an "ORDER BY", but u can see:
>
> - the PHP Version
> - the MySQL version
> - the wBB Version (when it has been faked or removed)
>
> Greets,
>
> 666 - www.sr-crew.de.tt
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus