Posted on: 03/05/04 12:51am
By: Anonymous (unknowed)
/index.php?page=
/forum/createtopic.php?method=newtopic&forum=~
/forum/createtopic.php?method=newtopic&forum=:.
Even an empty page is exploitable
/forum/createtopic.php?method=&forum=6
want more?
It is exploitable
Posted on: 03/05/04 03:26am
By: Dirk
Just because it throws an SQL error doesn't automatically mean it's "exploitable". Although I have to agree that the forum could do some more thorough parameter checking.
Besides, your first and last example don't do anything.
If you're seriously interested in helping with security issues, please see our security page[*1].
bye, Dirk
It is exploitable
Posted on: 03/05/04 09:59am
By: Blaine
I have been making version 2.3beta releases available from my site since early January. This version includes code to filter all input parameters for possible hostile data.
It is exploitable
Posted on: 03/05/04 01:20pm
By: Anonymous (unknowed)
[QUOTE BY= Dirk] Just because it throws an SQL error doesn't automatically mean it's "exploitable". Although I have to agree that the forum could do some more thorough parameter checking.
Besides, your first and last example don't do anything.
If you're seriously interested in helping with security issues, please see our security page[*1].
bye, Dirk[/QUOTE]
You want to bet?
It is exploitable
Posted on: 03/05/04 01:24pm
By: Anonymous (unknowed)
btw.. my first and last examples were filtered; the character should be \
It is exploitable
Posted on: 03/05/04 01:25pm
By: Anonymous (unknowed)
sorry forward slash