[Full-Disclosure] phpBB sql injection
Evert Jan van Ramselaar
evertjan at vanramselaar.nl
Fri Jun 20 21:41:57 BST 2003
Rick wrote:
> phpBB has sql injection problem in /viewtopic.php . I am attaching .pl
> script with details and some code. This
>
> only works with register_globals = On. The query I used only works on db
> mysql4 or pgsql. I’ve tested this on phpBB up to latest 2.0.5 version.
The phpBB Group has confirmed this and a fix is available:
http://www.phpbb.com/phpBB/viewtopic.php?t=112052
--
Evert Jan van Ramselaar <evertjan at vanramselaar.nl>
Van Ramselaar Info Tech <http://www.vanramselaar.nl>
Full-Disclosure is hosted and sponsored by Secunia.