[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SQL IN Open Bulletin Board
- To: ABDUCTER_MINDS@xxxxxxxxx
- Subject: Re: SQL IN Open Bulletin Board
- From: security curmudgeon <jericho@xxxxxxxxxxxxx>
- Date: Tue, 9 Aug 2005 23:35:36 -0400 (EDT)
Each of these has been previously disclosed it seems:
: discussion :- there is many sql in
: (board.php) as
wwww.victim.com/openbb/board.php?FID=[sql]
2004-04-24
http://www.gulftech.org/04242004.php
: (read.php) as
www.victim.com/openbb/read.php?TID=[sql]
2005-05-12
http://archives.neohapsis.com/archives/bugtraq/2005-05/0175.html
: (member.php) as
www.victim.com/openbb/member.php?action=profile&UID=[sql]
2004-04-24
http://www.gulftech.org/04242004.php
I don't see any indication they were ever fixed, even though a year+ old.