Re: Vbulletin 3.6.5 Sql Injection ! [misc.php]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Vbulletin 3.6.5 Sql Injection ! [misc.php]
From: scott-REMOVE@xxxxxxxxxxxxx
Date: 14 Apr 2007 14:25:02 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

There is no SQL injection being performed on that page, the proof of concept 
script simple grabs any 32 character string from the page, the one in question 
happens to be a logout hash.

The logout hash is used to mitigate a CSRF.

Prev by Date: bloofoxCMS 0.2.2 Cross Site Scripting
Next by Date: VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit
Previous by thread: Vbulletin 3.6.5 Sql Injection ! [misc.php]
Next by thread: bloofoxCMS 0.2.2 Cross Site Scripting
Index(es):
- Date
- Thread