|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 118
Members: 0
Total: 118
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
multiple unspecified SQL injection in phpbb |
|
Posted: Tue Jul 20, 2004 10:36 am |
|
|
migo79 |
Regular user |
|
|
Joined: May 18, 2004 |
Posts: 17 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Tue Jul 20, 2004 10:50 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Yes, its my work, but its related to phpnuke, not to phpbb |
|
|
|
|
Posted: Tue Jul 20, 2004 2:55 pm |
|
|
migo79 |
Regular user |
|
|
Joined: May 18, 2004 |
Posts: 17 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Tue Jul 20, 2004 7:22 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
I have discovered some XSS and path disclosure there, sql injection cases
are not mine findings
But anyway - there are thousands of phpbb powered sites with version < 2.0.9
and they all can be abused by exploits, which can be constructed, if analyze ("diff") old and new versions of the phpbb scripts |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|