XennoBB 1.0.x/2.2 Icon_Topic SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19606/info XennoBB is prone to an SQL-injection vulnerability that could allow an attacker to influence the structure or logic of SQL queries made by the application. --------------------- EXPLOIT ---------------------...

XennoBB Icon_Topic SQL注入漏洞

XennoBB是一款基于PHP的WEB应用程序。 XennoBB不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞提交SQL查询作为参数数据，可获得敏感信息。 问题是'topicpost.php'脚本对用户提交的'icontopic'参数缺少过滤，提交恶意的SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 XennoBB XennoBB 2.2.1 XennoBB XennoBB 2.2 XennoBB XennoBB 2.1 XennoBB XennoBB 1.0.6 XennoBB XennoBB 1.0.5 http://www.xennobb.com/...

XennoBB 1.0.x/2.2 - Icon_Topic SQL Injection

source: https://www.securityfocus.com/bid/19606/info XennoBB is prone to an SQL-injection vulnerability that could allow an attacker to influence the structure or logic of SQL queries made by the application. --------------------- EXPLOIT --------------------- Submit a forged POST request to...