[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability


I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I just get a normal thread page but without any postings. Where is the SQL "injection"? More infos would be great.

Bastian Ahrens

sn4k3.23@xxxxxxxxx wrote:
Use it like this:

Ok, its kinda useless 'cause it's an "ORDER BY", but u can see:

- the PHP Version
- the MySQL version
- the wBB Version (when it has been faked or removed)


666 - www.sr-crew.de.tt