Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: PHP BB bug
From: Micheal Cottingham <webmaster () michealcottingham com>
Date: Sun, 18 Jul 2004 14:03:44 -0400
As per the Project Manager of phpBB, it is an added feature. (I spoke to him about this already.) There is no exploit or bug. 

Christian Jonassen wrote:


Hmm.

Highlighting everything---what's dangerous about that?

- Christian NJ

On Thu, 15 Jul 2004 16:04:21 -0400, micheal () michealcottingham com
<micheal () michealcottingham com> wrote:

Actually, I found that it doesn't matter if an SQL query is there or not.

Example:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*

Something like:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,*

does not work however. There doesn't _appear_ to be any exploit here,
though granted I did not check this a great deal.

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

  By Date           By Thread  

Current thread:
  • PHP BB bug sasan hezarkhani (Jul 14)
    • <Possible follow-ups>
    • Re: PHP BB bug micheal () michealcottingham com (Jul 16)
      • Message not available
        • Re: PHP BB bug Micheal Cottingham (Jul 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]