Re: SQL IN Open Bulletin Board

To: ABDUCTER_MINDS@xxxxxxxxx
Subject: Re: SQL IN Open Bulletin Board
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Tue, 9 Aug 2005 23:35:36 -0400 (EDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050808110314.6279.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050808110314.6279.qmail@xxxxxxxxxxxxxxxxx>

Each of these has been previously disclosed it seems:

: discussion :- there is many sql in 
:                               (board.php) as 
wwww.victim.com/openbb/board.php?FID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php

:                               (read.php) as 
www.victim.com/openbb/read.php?TID=[sql]

2005-05-12
http://archives.neohapsis.com/archives/bugtraq/2005-05/0175.html

:                               (member.php) as 
www.victim.com/openbb/member.php?action=profile&UID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php


I don't see any indication they were ever fixed, even though a year+ old.

References:
- SQL IN Open Bulletin Board
  - From: ABDUCTER_MINDS

Prev by Date: RE: [Full-disclosure] Help put a stop to incompetent computer forensics
Next by Date: CoolWebSearch found in massive spyware ring
Previous by thread: SQL IN Open Bulletin Board
Next by thread: E107 + IPB XSS Exploit
Index(es):
- Date
- Thread