Bugtraq mailing list archives

Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

From: andy.huang () vbulletin com
Date: 23 May 2008 01:23:13 -0000

There is no exploit involved.  Though, there is a bug involved.

The described issue generates an error screen using the links provided; however, this is only because there is a bug 
with single character search strings.  Using anything longer than the string mentioned in the initial report (1 letter 
in length) will not generate an error message, and will not allow any sql injection.

There is no exploit, this is an invalid entry.

The bug involved can be seen here:
http://www.vbulletin.com/forum/project.php?issueid=25377

Current thread:

Vbulletin 3.7.0 Gold >> Sql injection on faq.php a . jasbi (May 20)
- <Possible follow-ups>
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php martin . meredith (May 21)
  - Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php Matias Blanco (May 21)
- Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php andy . huang (May 23)
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php skyline (May 27)