SQL Injection Vulnerability in Vegas Forum
- Last Update
- 2006.03.13 Exploitation code published
- Risk Level
- SQL Injection
- Unpatched. No reply from developer(s)
- Vulnerable Software
- Vegas Forum (http://www.battlereports.com/downloads.php)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
An SQL injection was found in the Vegas Forum (http://www.battlereports.com/downloads.php) script.
Vulnerable script: forumlib.php
The variable $postid isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.
PoC/Exploit
SQL Injection Example:
Solution for "SQL Injection Vulnerability in Vegas Forum" is not available. Check vendor's website for updates.
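With no vendor fix available, the general remedy for an unsanitized numeric parameter such as $postid is to validate it as an integer and bind it in a prepared statement. The following is an added example, not code from forumlib.php or from eVuln; the `posts` schema, the function names, the in-memory SQLite database and the test input are all assumptions made for illustration.

```php
<?php
// Added example. Schema, function names and sample rows are hypothetical;
// none of this is taken from forumlib.php.

function open_demo_db(): PDO
{
    // In-memory SQLite stands in for the forum's real database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    $db->exec("INSERT INTO posts VALUES (1, 'alice', 'first post'), (2, 'bob', 'second post')");
    return $db;
}

// Weak pattern: request data is concatenated into the SQL text, so the
// database parses whatever the client sent as part of the statement.
function get_post_unsafe(PDO $db, string $postid): array
{
    return $db->query("SELECT id, author, body FROM posts WHERE id = $postid")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything that is not a plain positive integer,
// then bind the value so it can never change the statement's structure.
function get_post_safe(PDO $db, string $postid): array
{
    $id = filter_var($postid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // malformed id: treat as "no such post"
    }
    $stmt = $db->prepare('SELECT id, author, body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();
$constructed = '1 OR 1=1';   // constructed test input, not from the advisory

printf("unsafe, id=1:        %d row(s)\n", count(get_post_unsafe($db, '1')));
printf("unsafe, constructed: %d row(s)\n", count(get_post_unsafe($db, $constructed)));
printf("safe,   id=1:        %d row(s)\n", count(get_post_safe($db, '1')));
printf("safe,   constructed: %d row(s)\n", count(get_post_safe($db, $constructed)));
```

Comparing the row counts of the two functions for the same input shows whether the parameter was treated as data or as part of the query.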