Bugtraq mailing list archives
Re: Vbulletin 3.6.5 Sql Injection ! [misc.php]
From: scott-REMOVE () vbulletin com
Date: 14 Apr 2007 14:25:02 -0000
There is no SQL injection being performed on that page; the proof of concept script simply grabs any 32 character string from the page, the one in question happens to be a logout hash. The logout hash is used to mitigate a CSRF.
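
Added example, not part of the original message and not vBulletin code: a triage helper for this kind of report that labels each 32-hex-character string in a page by where it appears, so a match that is only an anti-CSRF token in a logout link is not mistaken for leaked database content. The sample page, the link layout and the parameter names are constructed assumptions.

```python
import re
from html import unescape

# Constructed sample page (not captured from a real forum). The logout link
# layout and the parameter name "logouthash" are assumptions for illustration.
SAMPLE_PAGE = """
<html><body>
<a href="login.php?do=logout&amp;logouthash=0123456789abcdef0123456789abcdef">Log Out</a>
<div class="post">checksum: fedcba9876543210fedcba9876543210</div>
</body></html>
"""

# Exactly 32 hex characters, not part of a longer hex run.
HEX32 = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])")
# Query parameters treated as per-session anti-CSRF tokens (assumed list;
# "csrf_token" is a hypothetical generic name).
TOKEN_PARAMS = {"logouthash", "csrf_token"}
# A query-string parameter name immediately before the match.
PARAM_BEFORE = re.compile(r"[?&;]([A-Za-z_]+)=$")


def classify_hex32(page: str):
    """Return (value, label) for every 32-hex-character string in the page."""
    text = unescape(page)  # turn &amp; back into & before inspecting URLs
    results = []
    for m in HEX32.finditer(text):
        before = text[max(0, m.start() - 40):m.start()]
        p = PARAM_BEFORE.search(before)
        if p and p.group(1).lower() in TOKEN_PARAMS:
            label = "csrf-token:" + p.group(1).lower()
        else:
            label = "unexplained"  # needs a closer look before dismissing
        results.append((m.group(0), label))
    return results


def poc_style_grab(page: str):
    """What a 'grab any 32 character string' script reports: the first match."""
    m = HEX32.search(unescape(page))
    return m.group(0) if m else None


if __name__ == "__main__":
    print("first match:", poc_style_grab(SAMPLE_PAGE))
    for value, label in classify_hex32(SAMPLE_PAGE):
        print(value, label)
```
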
Current thread:
- Vbulletin 3.6.5 Sql Injection ! [misc.php] seko (Apr 13)
- <Possible follow-ups>
- Re: Vbulletin 3.6.5 Sql Injection ! [misc.php] scott-REMOVE (Apr 14)