TUCoPS :: Web BBS :: etc :: hack7045.htm

WowBB view_user.php SQL Injection vuln
WowBB view_user.php SQL Injection Vulnerability 



An attacker can exploit this vulnerability to gain admin username and password.

http://www.wowbb.com/ 

Vulnerable versions: 1.6 
                     1.61
                     1.62

Proof of concept: 
http://www.example.com/wowbb/view_user.php?list=1&letter=&sort_by ='[SQL Injection]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH