Bugtraq mailing list archives
Re: SQL IN Open Bulletin Board
From: security curmudgeon <jericho () attrition org>
Date: Tue, 9 Aug 2005 23:35:36 -0400 (EDT)
Each of these has been previously disclosed it seems: : discussion :- there is many sql in : (board.php) as wwww.victim.com/openbb/board.php?FID=[sql] 2004-04-24 http://www.gulftech.org/04242004.php : (read.php) as www.victim.com/openbb/read.php?TID=[sql] 2005-05-12 http://archives.neohapsis.com/archives/bugtraq/2005-05/0175.html : (member.php) as www.victim.com/openbb/member.php?action=profile&UID=[sql] 2004-04-24 http://www.gulftech.org/04242004.php I don't see any indication they were ever fixed, even though a year+ old.
Current thread:
- SQL IN Open Bulletin Board ABDUCTER_MINDS (Aug 08)
- Re: SQL IN Open Bulletin Board security curmudgeon (Aug 10)