WowBB view_user.php SQL Injection Vulnerability

2005-05-11T00:00:00
ID SECURITYVULNS:DOC:8591
Type securityvulns
Reporter Securityvulns
Modified 2005-05-11T00:00:00

Description

An attacker can exploit this vulnerability to obtain the admin username and password.

http://www.wowbb.com/

Vulnerable versions: 1.6, 1.61, 1.62

Proof of concept: http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by='[SQL Injection]
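A log check for the request shape shown in the proof of concept, as an added example that is not part of the original advisory: it flags view_user.php requests whose sort_by value is anything other than a plain identifier. The sample log lines, the column name user_name and the identifier rule are constructed assumptions, not taken from WowBB.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort_by value is a bare column-style identifier.
SAFE_SORT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs, hypothetical column name user_name).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2005:10:00:01 +0000] '
    '"GET /wowbb/view_user.php?list=1&letter=&sort_by=user_name HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/May/2005:10:00:07 +0000] '
    '"GET /wowbb/view_user.php?list=1&letter=&sort_by=%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [11/May/2005:10:00:09 +0000] '
    '"GET /wowbb/index.php?sort_by=%27 HTTP/1.1" 200 900',
]

def suspicious_sort_by(target):
    """Return decoded sort_by values that are not plain identifiers."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return []  # unparseable request target, nothing to inspect
    if "/view_user.php" not in parts.path.lower():
        return []  # only the script named in the advisory is checked
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return [v for v in params.get("sort_by", [])
            if v and not SAFE_SORT.fullmatch(v)]

def scan(lines):
    """Return (line number, client address, offending values) per flagged entry."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            bad = suspicious_sort_by(match.group(1))
            if bad:
                hits.append((number, line.split()[0], bad))
    return hits

if __name__ == "__main__":
    for number, client, values in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent sort_by={values!r}")
```

The same identifier rule can serve as a request filter in front of an unpatched 1.6x install: reject any view_user.php request whose sort_by fails the match.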