Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
From: Matias Blanco <blue@xxxxxxxxxx>
Date: Wed, 21 May 2008 15:21:07 -0300
In-reply-to: <20080521091620.6622.qmail@xxxxxxxxxxxxxxxxx>

This exploit is valid. We've just exploted it.

VBulletin 3.7.0 Gold.

martin.meredith@xxxxxxxxxxxxx wrote:

This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.
Once again, this is invalid

References:
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
  - From: martin . meredith

Prev by Date: [SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code
Next by Date: CORE-2008-0126: Multiple vulnerabilities in iCal
Previous by thread: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
Next by thread: Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux