<<< Date Index >>> <<< Thread Index >>>

Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
From: Matias Blanco <blue@xxxxxxxxxx>
Date: Wed, 21 May 2008 15:21:07 -0300
In-reply-to: <20080521091620.6622.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20080521091620.6622.qmail@xxxxxxxxxxxxxxxxx>

This exploit is valid. We've just exploted it.

VBulletin 3.7.0 Gold.

martin.meredith@xxxxxxxxxxxxx wrote:

This is invalid. the variable q is taken, split into words, and then each word is escaped for usage within the DB.
Once again, this is invalid

References:
- Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
  - From: martin . meredith

Prev by Date: [SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code
Next by Date: CORE-2008-0126: Multiple vulnerabilities in iCal
Previous by thread: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
Next by thread: Re: Re: Vbulletin 3.7.0 Gold >> Sql injection on faq.php
Index(es):
- Date
- Thread