
List:       bugtraq
Subject:    WowBB view_user.php SQL Injection Vulnerability
From:       Megasky <magasky () hotmail ! com>
Date:       2005-05-10 11:06:26
Message-ID: 20050510110626.22120.qmail () www ! securityfocus ! com



An attacker can exploit this vulnerability to gain admin username and password.

http://www.wowbb.com/

Vulnerable versions: 1.6 
                     1.61
                     1.62

Proof of concept: 
http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by='[SQL Injection]
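
Added example, not part of the original post and not WowBB code: a sort parameter like sort_by cannot be bound as a prepared-statement parameter, so the usual fix is to map the request value to a fixed set of column names. It assumes sort_by ends up in an ORDER BY clause (the advisory does not show the query); the users table, its columns and the function names are hypothetical.

```php
<?php
// Added example. Table, columns and function names are hypothetical, not WowBB's.

// Resolve the request's sort_by value to a column name taken from a fixed map.
function resolve_sort_column(string $sortBy): string
{
    // Accepted sort_by values => SQL identifier placed in the query.
    $allowed = [
        'name'   => 'user_name',
        'joined' => 'user_joined',
        'posts'  => 'user_posts',
    ];
    // SQL identifiers cannot be bound as parameters, so the request value is
    // only ever used as a lookup key. Unknown values fall back to the default.
    return $allowed[$sortBy] ?? $allowed['name'];
}

function list_users(PDO $db, array $query): array
{
    $column = resolve_sort_column((string) ($query['sort_by'] ?? ''));
    // Data values (the letter filter) are bound; only the allowlisted
    // identifier is interpolated into the statement text.
    $stmt = $db->prepare(
        "SELECT user_name, user_posts FROM users
         WHERE user_name LIKE :prefix ORDER BY $column"
    );
    $stmt->execute([':prefix' => (string) ($query['letter'] ?? '') . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT, user_joined TEXT, user_posts INTEGER)');
$db->exec("INSERT INTO users VALUES ('bob', '2005-03-04', 5), ('alice', '2005-01-02', 40)");

// A known key sorts by the mapped column (bob has fewer posts, so he is first).
print_r(list_users($db, ['sort_by' => 'posts', 'letter' => '']));

// A value outside the map, such as a lone quote, never reaches the SQL text;
// the query runs with the default column instead of raising a syntax error.
print_r(list_users($db, ['sort_by' => "'", 'letter' => '']));
```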


