>> This assumes you're seeing GET-requests, but there are other ways
>> (e.g. POST) to exploit such code.
> Whilst I understand your point, it should be noted that this
> vulnerability in phpBB is susceptible only to GET-based attacks: the
> vulnerable data is sourced from $HTTP_GET_VARS.
>> This assumes you're seeing GET-requests, but there are other ways
>> (e.g. POST) to exploit such code.
> Whilst I understand your point, it should be noted that this
> vulnerability in phpBB is susceptible only to GET-based attacks: the
> vulnerable data is sourced from $HTTP_GET_VARS.
A...
[ more ]