inurl:"forumdisplay.php" +"Powered by: vBulletin Version 3.0.0..4"

  • 日期:2004-11-05
  • 类别:
  • 作者:anonymous
  • 语法:inurl:"forumdisplay.php" +"Powered by: vBulletin Version 3.0.0..4"
  • vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker may exploit this issue to manipulate and inject SQL queries onto the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database. Versions 3.0 through to 3.0.3 are reportedly affected by this issue.http://www.securityfocus.com/bid/11193