Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7574
HistoryJan 13, 2005 - 12:00 a.m.

Woltlab Burning Book addentry.php SQL Injection

2005-01-1300:00:00
vulners.com
81
JSON

Advisory Information

Advisory name : Woltlab Burning Book addentry.php SQL Injection
Discovered by : drhankey / it-security23.net
Vendor Name : Woltlab
Vendor Homepage : http://www.woltlab.de
Software : Woltlab Burning Book Lite
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 1.0 Gold, 1.1.1e, maybe more
Platforms : OS Independent, PHP

What is Woltlab Burning Book ?

Woltlab Burning Board Lite is a free guestbook system.

Vulnerability Description:

When you post a message, addentry.php executes a SQL Query writing it in the db. The

user-agent is also saved, but not filtered. So its possible to modify the SQL Query when you

change your user-agent.

JSON