Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Web Wiz Forums 8.05 (MySQL version) SQL Injection
Mar 20 2007 01:53PM
Ivan Fratric (ifsecure gmail com)
There is a vulnerability in MySQL version of Web Wiz Forums, free ASP
bulletin board system software, enabling SQL injection. The
vulnerability is in the code used to filter string parameters prior to
including them in the SQL queries:
'Format SQL Query funtion
Private Function formatSQLInput(ByVal...
[ more ]
Copyright 2010, SecurityFocus