[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
WowBB view_user.php SQL Injection Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: WowBB view_user.php SQL Injection Vulnerability
- From: Megasky <magasky@xxxxxxxxxxx>
- Date: 10 May 2005 11:06:26 -0000
An attacker can exploit this vulnerability to gain admin username and password.
http://www.wowbb.com/
Vulnerable versions: 1.6
1.61
1.62
Proof of concept:
http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by='[SQL
Injection]