Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Re[2]: sql injection in phpbb

Re[2]: sql injection in phpbb

From: Alexander GQ Gerasiov <bugtaq_at_gq.pp.ru>
Date: Tue, 11 Nov 2003 04:15:35 +0300

Hello telli,

tcc> Ok now where exactly would one include this information to
tcc> tighten the security? After going through all profile pages
tcc> (running 2.0.6) I found nothing like this Are we sure it is
tcc> included in 2.0.6? I think if the files that need to be fixed can
tcc> be listed we can start to work on this fix.
Yes, fix for this hole was included into 2.0.6 (above in the thread
someone post a piece of code from 2.0.6 wich cover this).
But be carefull phpBB team sometimes update their packages without
changing number. So better if you check your code in
include/usercp_viewprofile.php (there must be the code quoted above).

Best regards,
 Alexander GQ Gerasiov <bugtaq_at_gq.pp.ru>

Кука: Пожалуйста, не выгоняйте студентов из Гарварда. Дайте им доучиться. А то они потом Windows делают.
  np: [Clear Project Studio] Chillout Moods (Disc 7) -- Quidam
Received on Nov 11 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]