Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[Hat-Squad] phpBB search_id injection exploit Nov 28 2003 08:59PM
Hat-Squad Security Team (service hat-squad com)


Hello list,

Here is the exploit code for phpbb 2.06 sql injection described in http://www.securityfocus.com/archive/1/345872 .

It will return MD5 password hash of specified user as [highlight] variable for viewtopic.php in search results page.

http://site.com/search.php?search_id=1%20union...

[ more ]  




 

Privacy Statement
Copyright 2008, SecurityFocus