BugTraq
Re: Possible phpBB <=2.0.11 bug or sql injection? Feb 18 2005 08:49PM
Exoduks (exoduks gmail com)
In-Reply-To: <20050217095457.23821.qmail (at) www.securityfocus (dot) com [email concealed]>

>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf
>
>or
>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*

I have noticed that this only works if php.ini is set like this:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
