Full Disclosure mailing list archives
phpBB sql injection
From: "Rick" <rikul () bellsouth net>
Date: Fri, 20 Jun 2003 10:44:56 -0600
Hi, phpBB has sql injection problem in /viewtopic.php . I am attaching .pl script with details and some code. This only works with register_globals = On. The query I used only works on db mysql4 or pgsql. I've tested this on phpBB up to latest 2.0.5 version. Thanks, Rick Patel
Attachment:
phpbb_sql.pl
Description:
Current thread:
- phpBB sql injection Rick (Jun 20)
- Re: phpBB sql injection Evert Jan van Ramselaar (Jun 20)
