SecurityFocus

Possible phpBB <=2.0.11 bug or sql injection? Feb 17 2005 09:54AM
jtm297 optonline net (3 replies)

Re: Possible phpBB <=2.0.11 bug or sql injection? Feb 19 2005 12:29PM
kaosone+[ONE]+ (kaosone gmail com)

Re: Possible phpBB <=2.0.11 bug or sql injection? Feb 18 2005 09:02AM
Giacomo Rizzo (a_l_t_o_s yahoo it)

It does not seems to be a SQL injection vulnerability. In fact, it just
looks like a wrong replacement, but it's confined into the 'string'.

Actually the real problem is that this error, when debug mode is active,
make anyone discover the $prefix value, that should be kept secret in
case of blind sql injections...

Gacomo
--
# @@@
# (0 0)
=================ooO=(_)=Ooo=======================================
# Nome: Giacomo Rizzo [ aka: alt-os ] - http://www.free-os.it
# OS: Gnu (Slackware 10.0/Linux 2.6.7)
# --
# Coordinatore HANC (http://www.hancproject.org)
# Coordinatore POuL (http://www.poul.org)
# --
# Linux Registered User: #331781, Linux Registered Machine: #216123
===================================================================

[ reply ]

RE: Possible phpBB <=2.0.11 bug or sql injection? Feb 18 2005 01:31AM
Miguel Angel Rodríguez Jódar (rodriguj atc us es)