<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

From: <andy.huang_at_vbulletin.com>
Date: 23 May 2008 01:23:13 -0000

('binary' encoding is not supported, stored as-is) There is no exploit involved. Though, there is a bug involved.

The described issue generates an error screen using the links provided; however, this is only because there is a bug with single character search strings. Using anything longer than the string mentioned in the initial report (1 letter in length) will not generate an error message, and will not allow any sql injection.

There is no exploit, this is an invalid entry.

The bug involved can be seen here:
http://www.vbulletin.com/forum/project.php?issueid=25377
Received on May 23 2008

This message: [ Message body ]
Next message: Digital Security Research Group: "[DSECRG-08-024] Multiple Security Vulnerabilities (RFI,LFI,XSS) in QuateCMS"
Previous message: Florian Weimer: "Re: /home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised"
Maybe in reply to: skyline_at_yahoo.com: "Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]