[Full-Disclosure] phpBB sql injection
Evert Jan van Ramselaar
evertjan at vanramselaar.nl
Fri Jun 20 21:41:57 BST 2003
> phpBB has sql injection problem in /viewtopic.php . I am attaching .pl
> script with details and some code. This
> only works with register_globals = On. The query I used only works on db
> mysql4 or pgsql. I’ve tested this on phpBB up to latest 2.0.5 version.
The phpBB Group has confirmed this and a fix is available:
Evert Jan van Ramselaar <evertjan at vanramselaar.nl>
Van Ramselaar Info Tech <http://www.vanramselaar.nl>
Full-Disclosure is hosted and sponsored by Secunia.