Blind SQL Injection Exploits!
About toplist.php i just removed!
Any idea how to fix the vuln on memberslist2.php and viewtopic.php ?
The impact of this vulnerability
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
How to fix this vulnerability
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.