OpenBB 1.01.1 - board.php SQL Injection

2003-04-22T00:00:00
ID EXPLOITPACK:71E22B6DDAE88F298CC90DCC4DC24CDF
Type exploitpack
Reporter Albert Puigsech Galicia
Modified 2003-04-22T00:00:00

Description

OpenBB 1.01.1 - board.php SQL Injection

                                        
                                            source: https://www.securityfocus.com/bid/7404/info

It has been reported that OpenBB does not properly check input passed via the 'board.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequences will vary depending on the underlying database implementation. 

http://www.example.com/board.php?FID=2%20<something>

where <something> represents a SQL query.