Full Disclosure mailing list archives
Re: phpBB sql injection
From: Evert Jan van Ramselaar <evertjan () vanramselaar nl>
Date: Fri, 20 Jun 2003 22:41:57 +0200
Rick wrote:
phpBB has sql injection problem in /viewtopic.php . I am attaching .pl script with details and some code. Thisonly works with register_globals = On. The query I used only works on db mysql4 or pgsql. I’ve tested this on phpBB up to latest 2.0.5 version.
The phpBB Group has confirmed this and a fix is available: http://www.phpbb.com/phpBB/viewtopic.php?t=112052 -- Evert Jan van Ramselaar <evertjan () vanramselaar nl> Van Ramselaar Info Tech <http://www.vanramselaar.nl> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- phpBB sql injection Rick (Jun 20)
- Re: phpBB sql injection Evert Jan van Ramselaar (Jun 20)