by r0t, der4444, cembo, VietMafia

Thursday, November 17, 2005

Multiple SQL Injection Vulnerabilities in class-1 Forum Software (v 0.24.4)



Author: r0t (hackers.by.lv)
Date: 17 Nov. 2005
Software: class-1 Forum Software (v 0.24.4)
Vendor: http://www.class1web.co.uk/
Affected: v 0.24.4 and prior

Description:
Input passed to multiple parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Examples:
/forum/viewforum.php?forum='
/forum/viewforum.php?mode=view&id='
/forum/viewforum.php?mode='
/forum/users.php?mode=viewprofile&viewuser_id='
/forum/users.php?mode=viewgroup&group='
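
For defenders reviewing web server logs for requests of the kind listed above, the following is an added example and is not part of the original advisory or the vendor's code. It assumes combined-format access log lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script/parameter pairs named in the advisory.
AFFECTED = {
    "viewforum.php": {"forum", "id", "mode"},
    "users.php": {"viewuser_id", "group"},
}
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted affected parameter names whose value contains a quote."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = AFFECTED.get(script, set())
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding (%2527).
        if name in watched and "'" in unquote(value):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, url, params) for each log line that matches."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = suspicious_params(match.group(1))
        if params:
            findings.append((number, match.group(1), params))
    return findings

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2005:10:00:01 +0000] "GET /forum/viewforum.php?forum=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Nov/2005:10:00:07 +0000] "GET /forum/viewforum.php?forum=%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [17/Nov/2005:10:00:09 +0000] "GET /forum/users.php?mode=viewprofile&viewuser_id=%2527 HTTP/1.1" 200 298',
    '192.0.2.10 - - [17/Nov/2005:10:00:12 +0000] "GET /forum/users.php?mode=viewgroup&group=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, url, params in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> {', '.join(params)}")
```

A match indicates a request worth reviewing, not a confirmed compromise; parameters sent in POST bodies do not appear in access logs and are not covered.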

Copyright (c) 2006 Pridels Sec Crew