Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

From: Matias Blanco <blue_at_corest.com>
Date: Wed, 21 May 2008 15:21:07 -0300

This exploit is valid. We've just exploted it.

VBulletin 3.7.0 Gold.

martin.meredith_at_vbulletin.com wrote:
> This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.
>
> Once again, this is invalid
>
Received on May 21 2008

This message: [ Message body ]
Next message: Core Security Technologies Advisories: "CORE-2008-0126: Multiple vulnerabilities in iCal"
Previous message: Steve Kemp: "[SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code"
In reply to: martin.meredith_at_vbulletin.com: "Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php"
Next in thread: skyline_at_yahoo.com: "Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]