<<< Date Index >>>     <<< Thread Index >>>

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php



This exploit is valid. We've just exploted it.

VBulletin 3.7.0 Gold.

martin.meredith@xxxxxxxxxxxxx wrote:
This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.
Once again, this is invalid