[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Woltlab Burning Board 2.3.X SQL Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
From: sn4k3.23@xxxxxxxxx
Date: 21 Sep 2006 22:34:09 -0000

Use it like this:

http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1

Ok, its kinda useless 'cause it's an "ORDER BY", but u can see:

- the PHP Version
- the MySQL version
- the wBB Version (when it has been faked or removed)

Greets,

666 - www.sr-crew.de.tt

Follow-Ups:
- Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
  - From: Bastian Ahrens

Prev by Date: jevoncms (.inc) Path Disclosure
Next by Date: [Call for Papers] DIMVA 2007
Previous by thread: jevoncms (.inc) Path Disclosure
Next by thread: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
Index(es):
- Date
- Thread