[Full-Disclosure] phpBB sql injection

Rick rikul at bellsouth.net
Fri Jun 20 17:44:56 BST 2003


Hi,
 
phpBB has an SQL injection problem in /viewtopic.php. I am attaching a .pl
script with details and some code. This only works with
register_globals = On. The query I used only works on db mysql4 or pgsql.
I've tested this on phpBB up to the latest 2.0.5 version.
 
Thanks,
Rick Patel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phpbb_sql.pl
Type: application/octet-stream
Size: 3607 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030620/d8f9edcf/attachment.obj 

