Full Disclosure mailing list archives

Re: phpBB sql injection


From: Evert Jan van Ramselaar <evertjan () vanramselaar nl>
Date: Fri, 20 Jun 2003 22:41:57 +0200

Rick wrote:
phpBB has sql injection problem in /viewtopic.php . I am attaching .pl script with details and some code. This only works with register_globals = On. The query I used only works on db mysql4 or pgsql. I’ve tested this on phpBB up to latest 2.0.5 version.

The phpBB Group has confirmed this and a fix is available:
http://www.phpbb.com/phpBB/viewtopic.php?t=112052

--
  Evert Jan van Ramselaar  <evertjan () vanramselaar nl>
  Van Ramselaar Info Tech  <http://www.vanramselaar.nl>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

