Bugtraq mailing list archives
Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
From: Matias Blanco <blue () corest com>
Date: Wed, 21 May 2008 15:21:07 -0300
This exploit is valid. We've just exploted it. VBulletin 3.7.0 Gold. martin.meredith () vbulletin com wrote:
This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.Once again, this is invalid
Current thread:
- Vbulletin 3.7.0 Gold >> Sql injection on faq.php a . jasbi (May 20)
- <Possible follow-ups>
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php martin . meredith (May 21)
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php Matias Blanco (May 21)
- Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php andy . huang (May 23)
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php skyline (May 27)