Dokeos viewtopic.php topic Variable SQL Injection

2006-04-10T05:32:40
ID OSVDB:24499
Type osvdb
Reporter OSVDB
Modified 2006-04-10T05:32:40

Description

Manual Testing Notes

http://[target]/claroline/phpbb/viewtopic.php?cidReq=102&gidReq=&forum=1&0&forumview=threaded&topic=1[blind_sql_inject]

References:

Vendor URL: http://www.dokeos.com/ Security Tracker: 1015938 Secunia Advisory ID:19604 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0184.html