|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
andy.huang
vbulletin.com
Date: Thu May 22 2008 - 20:23:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
There is no exploit involved. Though, there is a bug involved.
The described issue generates an error screen using the links provided; however, this is only because there is a bug with single character search strings. Using anything longer than the string mentioned in the initial report (1 letter in length) will not generate an error message, and will not allow any sql injection.
There is no exploit, this is an invalid entry.
The bug involved can be seen here:
http://www.vbulletin.com/forum/project.php?issueid=25377
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]