Full Disclosure mailing list archives

phpBB sql injection


From: "Rick" <rikul () bellsouth net>
Date: Fri, 20 Jun 2003 10:44:56 -0600

Hi,
 
phpBB has sql injection problem in /viewtopic.php . I am attaching .pl
script with details and some code. This
only works with register_globals = On. The query I used only works on db
mysql4 or pgsql. I've tested this on phpBB up to latest 2.0.5 version.
 
Thanks,
Rick Patel

Attachment: phpbb_sql.pl
Description:


Current thread: