WowBB view_user.php SQL Injection Vulnerability



An attacker can exploit this vulnerability to obtain the admin username and password.

http://www.wowbb.com/ 

Vulnerable versions: 1.6 
                     1.61
                     1.62

Proof of concept: 
http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by='[SQL Injection]
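
A log check for the request pattern in the proof of concept, as an added example that is not part of the original advisory: it flags view_user.php requests whose sort_by value is anything other than a plain identifier. The allowed-value pattern, the combined log format and the sample lines (including the value user_name) are assumptions constructed for illustration, not taken from WowBB.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort_by value is a short column-style identifier.
SAFE_SORT = re.compile(r"[A-Za-z0-9_]{1,32}")
# Request line as it appears in a combined-format access log (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_sort_by(log_line):
    """Return decoded sort_by values of a view_user.php request that are
    non-empty and not plain identifiers; empty list if nothing stands out."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    try:
        url = urlsplit(m.group(1))
    except ValueError:  # malformed request target, nothing to parse
        return []
    if not url.path.endswith("/view_user.php"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    # parse_qs percent-decodes, so %27 is compared as a literal quote.
    return [v for v in params.get("sort_by", [])
            if v and not SAFE_SORT.fullmatch(v)]


def scan(lines):
    """Return (line number, client address, offending values) per flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_sort_by(line)
        if bad:
            hits.append((n, line.split()[0], bad))
    return hits


# Constructed sample log lines; the second mirrors the advisory's placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /wowbb/view_user.php?list=1&letter=&sort_by=user_name HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2005:10:00:05 +0000] "GET /wowbb/view_user.php?list=1&letter=&sort_by=%27[SQL%20Injection] HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jan/2005:10:00:09 +0000] "GET /wowbb/index.php?sort_by=%27 HTTP/1.1" 200 900',
    '192.0.2.44 - - [01/Jan/2005:10:00:12 +0000] "GET /wowbb/view_user.php?list=1&sort_by= HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for lineno, client, values in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent sort_by={values!r}")
```

The same identifier-only rule applied server-side, by mapping sort_by onto a fixed list of sortable columns before it reaches the query, closes the injection point on the affected versions.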



 

