Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.
From: security curmudgeon <jericho () attrition org>
Date: Sun, 22 May 2005 14:58:48 -0400 (EDT)
On April 13, 2005, Diabolic Crab reported several vulnerabilities in phpBB
Plus and other modules. From the post:
: Photo Album v2.0.53
: SQL INJECTION
Looking at the vendor site, you can download the 2.0.53 version of
this module (album_v2053.zip) and browse the files included. There is no
"album_search.php" in it. This was confirmed by Smartor (the vendor) on
May 22, 2005.