As per the Project Manager of phpBB, it is an added feature. (I spoke to
him about this already.) There is no exploit or bug.
Christian Jonassen wrote:
>Hmm.
>
>Highlighting everything---what's dangerous about that?
>
> - Christian NJ
>
>On Thu, 15 Jul 2004 16:04:21 -0400, micheal (at) michealcottingham (dot) com [email concealed]
><micheal (at) michealcottingham (dot) com [email concealed]> wrote:
>
>
>>Actually, I found that it doesn't matter if an SQL query is there or not.
>>
>>Example:
>>
>>http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*
>>
>>Something like:
>>
>>http://www.example.com/viewtopic.php?t=12345&highlight=bug,*
>>
>>does not work however. There doesn't _appear_ to be any exploit here,
>>though granted I did not check this a great deal.