
Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability



Hi,

I can't confirm this "bug". I tested it with WBB 2.3.3 and 2.3.4 and I just get a normal thread page but without any postings. Where is the SQL "injection"? More info would be great.

Greets
Bastian Ahrens


sn4k3.23@xxxxxxxxx wrote:
Use it like this:

http://127.0.0.1/wbb2/thread.php?threadid=1&page=-1

Ok, it's kinda useless 'cause it's an "ORDER BY", but u can see:

- the PHP Version
- the MySQL version
- the wBB Version (when it has been faked or removed)

Greets,

666 - www.sr-crew.de.tt