3 matches found
phpBP <= RC3 (2.204) FIX4 Remote SQL Injection Vulnerability
No description provided by source.
vuln.: phpBP <= RC3 (2.204) FIX4 Remote SQL Injection Vulnerability
download: http://www.phpbp.com/
dork: PHP BP Team
author: [email protected]
homepage:...
CVE-2008-1408
phpBP 2 RC3 (2.204) FIX 4 contains a SQL injection in includes/functions/banners-external.php via the id parameter in a banner_out action. This allows remote attackers to execute arbitrary SQL commands. The affected component is the phpBP banner_out flow, and the root cause is unsafely concatenat...
phpbp-sql.txt
vuln.: phpBP HACKBOX.pl query"SELECT FROM $confprefixbanners WHERE id=$GETid" or $db-errFILE, LINE; if$db-numrows==0 redirect'index.php?module=error?error=bannerserror2'; exit; ...