<<< Date Index >>>     <<< Thread Index >>>

Re: SQL IN Open Bulletin Board



Each of these has been previously disclosed it seems:

: discussion :- there is many sql in 
:                               (board.php) as 
wwww.victim.com/openbb/board.php?FID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php

:                               (read.php) as 
www.victim.com/openbb/read.php?TID=[sql]

2005-05-12
http://archives.neohapsis.com/archives/bugtraq/2005-05/0175.html

:                               (member.php) as 
www.victim.com/openbb/member.php?action=profile&UID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php


I don't see any indication they were ever fixed, even though a year+ old.