Bugtraq mailing list archives
Re[2]: sql injection in phpbb
From: Alexander GQ Gerasiov <bugtaq () gq pp ru>
Date: Tue, 11 Nov 2003 04:15:35 +0300
Hello telli, tcc> Ok now where exactly would one include this information to tcc> tighten the security? After going through all profile pages tcc> (running 2.0.6) I found nothing like this Are we sure it is tcc> included in 2.0.6? I think if the files that need to be fixed can tcc> be listed we can start to work on this fix. Yes, fix for this hole was included into 2.0.6 (above in the thread someone post a piece of code from 2.0.6 wich cover this). But be carefull phpBB team sometimes update their packages without changing number. So better if you check your code in include/usercp_viewprofile.php (there must be the code quoted above). Best regards, Alexander GQ Gerasiov <bugtaq () gq pp ru> Кука: Пожалуйста, не выгоняйте студентов из Гарварда. Дайте им доучиться. А то они потом Windows делают. np: [Clear Project Studio] Chillout Moods (Disc 7) -- Quidam
Current thread:
- sql injection in phpbb jocanor jocanor (Nov 08)
- Re: sql injection in phpbb Marius Kaase (Nov 08)
- Directory traversal in The TelCondex SimpleWebserver 2.13.31027 Build 3289. nimber (Nov 10)
- Re: sql injection in phpbb Jort Slobbe (Nov 10)
- <Possible follow-ups>
- Re: sql injection in phpbb telli (Nov 10)
- Re: sql injection in phpbb Jayson Anderson (Nov 11)
- Re[2]: sql injection in phpbb Alexander GQ Gerasiov (Nov 11)
- Re: Fw: sql injection in phpbb Micheal Cottingham (Nov 10)