Elite Bulletin Board – Multiple SQL Injections

Exploit Database
43 阅读

作者： ToXiC

日期： 2012-07-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37502/

source: https://www.securityfocus.com/bid/54452/info

Elite Bulletin Board is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Elite Bulletin Board 2.1.19 is vulnerable; other versions may also be affected 

http://www.example.com/ebbv2/groups.php?id=%5c&mode=view
http://www.example.com/ebbv2/rssfeed.php?bid=%5c
http://www.example.com/ebbv2/viewboard.php?bid=%5c

last Exploits
Elite Bulletin Board – Multiple SQL Injections的更多信息

Fastweb FASTGate 0.00.47 – Cross-Site Request Forgery：
WordPress Core < 4.7.1 - Username Enumeration：
Ruubikcms 1.1.0 – ‘/extra/image.php’ Local File Inclusion：
Sakai 10.7 – Multiple Vulnerabilities：
Online Tshirt Design Script – SQL Injection：
Smart ASP Survey – Cross-Site Scripting / SQL Injection：
vBulletin vBShout Mod – Persistent Cross-Site Scripting：
Quick Polls – Local File Inclusion / Deletion：