CVE-2006-3799
CVE-2006-3799
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.htmlhttp://secunia.com/advisories/21116http://securityreason.com/securityalert/1254http://www.securityfocus.com/archive/1/440435/100/0/threadedhttp://www.securityfocus.com/bid/19052http://www.vupen.com/english/advisories/2006/2879