[VulnWatch] phpBB password disclosure by sql injection

From: Rick (rikul_at_bellsouth.net)
Date: 06/19/03

    To: <vulnwatch@vulnwatch.org>
    Date: Thu, 19 Jun 2003 01:27:37 -0600

    Hi

    There is an SQL injection vuln in phpBB. The variable "topic_id" is passed
    directly from GET to the SQL query in /viewtopic.php. It can be used
    to get MD5 passwords for users. I am attaching details and proof-of-concept
    code. I've only tested this on MySQL 4 and pgsql on my home
    machines, so I might have missed something...

    Rick Patel
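
The pattern this message describes, a GET parameter concatenated into a query, shown next to a hardened form. This is an added example, not part of the original post and not phpBB's code: the `topics` table, the function names and the sample inputs are constructed for illustration, and SQLite via PDO stands in for the MySQL and PostgreSQL back ends mentioned above.

```php
<?php
// Constructed schema and rows for illustration; not phpBB's real tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, topic_title TEXT)');
$db->exec("INSERT INTO topics VALUES (1, 'Welcome'), (2, 'Staff only')");

// Vulnerable pattern described in the post: the GET value is concatenated
// into the statement, so its content becomes part of the SQL grammar.
function find_topic_unsafe(PDO $db, string $topic_id): array
{
    $sql = 'SELECT topic_id, topic_title FROM topics WHERE topic_id = ' . $topic_id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a typed
// parameter so the value can never change the shape of the query.
function find_topic_safe(PDO $db, string $topic_id): array
{
    $id = filter_var($topic_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('topic_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT topic_id, topic_title FROM topics WHERE topic_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['topic_id'].
foreach (['2', '1 OR 1=1'] as $input) {
    printf("input %-10s unsafe rows: %d\n", "'$input'", count(find_topic_unsafe($db, $input)));
    try {
        printf("input %-10s safe rows:   %d\n", "'$input'", count(find_topic_safe($db, $input)));
    } catch (InvalidArgumentException $e) {
        printf("input %-10s rejected:    %s\n", "'$input'", $e->getMessage());
    }
}
```

Validation and parameter binding are applied together on purpose: the integer check gives an early, loggable rejection, while the bound parameter keeps the query safe even if a later change loosens the check.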

    
    


