SQL INJECTION in LinksLinks Pro. PHPBB Mod.

From: rock master (rock_mask_at_hotmail.com)
Date: 04/05/05

Next message: Román Ramírez: "Logics Software BS2000 Host to Web Client ALL PLATFORMS"

Previous message: Imran Ghory: "gzip TOCTOU file-permissions vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 4 Apr 2005 23:36:10 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

SQL Injection was found in the Variable $id in : LinksLinks Pro Mod
vulnerable system :
phpBB 2.0.x
exploit :
links.php?func=show&id='[SQL Injection]

Bug Found by : LovER BOY

SecurityGurus Team
www.securitygurus[d0t]Net

Next message: Román Ramírez: "Logics Software BS2000 Host to Web Client ALL PLATFORMS"

Previous message: Imran Ghory: "gzip TOCTOU file-permissions vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection
... phpBB 2.0.6 and below sql injection. ... There is SQL injection in $search_results variable when performing search ... Vendor Response ...
(Full-Disclosure)
[SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection
... phpBB 2.0.6 and below sql injection. ... There is SQL injection in $search_results variable when performing search ... Vendor Response ...
(Full-Disclosure)
[SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection
... phpBB 2.0.6 and below sql injection. ... There is SQL injection in $search_results variable when performing search ... Vendor Response ...
(Bugtraq)