|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
WowBB view_user.php SQL Injection Vulnerability
From: Megasky (magasky
hotmail.com)
Date: Tue May 10 2005 - 06:06:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
An attacker can exploit this vulnerability to gain admin username and password.
http://www.wowbb.com/
Vulnerable versions: 1.6
1.61
1.62
Proof of concept:
http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by='[SQL Injection]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]