DeluxeBB 1.0 newpost.php fid Parameter SQL Injection

2005-09-15T00:00:00
ID EDB-ID:26268
Type exploitdb
Reporter abducter
Modified 2005-09-15T00:00:00

Description

DeluxeBB 1.0 newpost.php fid Parameter SQL Injection. CVE- 2005-2989. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/14851/info
    
DeluxeBB is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being sent to SQL queries.
    
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/newpost.php?sub=newthread&fid=[code]