[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
From: martin.meredith@xxxxxxxxxxxxx
Date: 21 May 2008 09:16:20 -0000

This is invalid. the variable q is taken, split into words, and then each word 
is escaped for usage within the DB. 

Once again, this is invalid

Follow-Ups:
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
  - From: Matias Blanco

Prev by Date: CORE-2008-0415: Borland Interbase 2007 Integer Overflow
Next by Date: [ MDVSA-2008:105 ] - Updated kernel packages fix vulnerabilities
Previous by thread: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
Next by thread: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
Index(es):
- Date
- Thread