Wowbb View_user.php Sql Injection Vulnerability

qcred11

May 10 2005, 09:06 PM

QUOTE

An attacker can exploit this vulnerability to gain admin username and password.

http://www.wowbb.com/
Vulnerable versions: 1.6 , 1.61 , 1.62

Proof of concept:
http://www.example.com/wowbb/view_user.php...=&sort_by='[SQL Injection]

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.