[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible phpBB <=2.0.11 bug or sql injection?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Possible phpBB <=2.0.11 bug or sql injection?
From: Exoduks <exoduks@xxxxxxxxx>
Date: 18 Feb 2005 20:49:05 -0000

In-Reply-To: <20050217095457.23821.qmail@xxxxxxxxxxxxxxxxxxxxx>

>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf
>
>or
>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*

I have notice that this only works is php.ini is set like this:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

Prev by Date: MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms
Next by Date: Re: Dangers of discarding duplicated messages
Previous by thread: Re: Possible phpBB <=2.0.11 bug or sql injection?
Next by thread: [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution
Index(es):
- Date
- Thread