Vulnwatch mailing list archives
phpBB password disclosure by sql injection
From: "Rick" <rikul () bellsouth net>
Date: Thu, 19 Jun 2003 01:27:37 -0600
Hi There is sql injection vuln in phpBB. The variable "topic_id" is passed directly from GET to sql query in /viewtopic.php. It can be used to get md5 passwords for users. I am attaching details and proof of concept code. I've only tested this on mysql 4 and pgsql at my home machines so I might have missed something... Rick Patel
Attachment:
phpbb_sql.pl
Description:
Current thread:
- phpBB password disclosure by sql injection Rick (Jun 19)