邪恶八进制信息安全团队技术讨论组's Archiver

EvilOctal 2005-5-12 16:37

[转载]WowBB view_user.php SQL Injection(注入)漏洞

信息来源:[url]www.securityfocus.com[/url]

An attacker can exploit this vulnerability to gain admin username and password.

[url]http://www.wowbb.com/[/url]

Vulnerable versions: 1.6
1.61
1.62

Proof of concept:
[url]http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by=[/url]'[SQL Injection]

页: [1]
© 1999-2008 EvilOctal Security Team