Re: PHP BB bug
micheal_at_michealcottingham.com
Date: 07/15/04
- Previous message: Janek Vind: "[waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2]"
- Maybe in reply to: sasan hezarkhani: "PHP BB bug"
- Next in thread: Micheal Cottingham: "Re: PHP BB bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com Date: Thu, 15 Jul 2004 16:04:21 -0400
Actually, I found that it doesn't matter if an SQL query is there or not.
Example:
http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*
Something like:
http://www.example.com/viewtopic.php?t=12345&highlight=bug,*
does not work however. There doesn't _appear_ to be any exploit here,
though granted I did not check this a great deal.
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
- Previous message: Janek Vind: "[waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2]"
- Maybe in reply to: sasan hezarkhani: "PHP BB bug"
- Next in thread: Micheal Cottingham: "Re: PHP BB bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
