Bugtraq mailing list archives
Re: PHP BB bug
From: Micheal Cottingham <webmaster () michealcottingham com>
Date: Sun, 18 Jul 2004 14:03:44 -0400
As per the Project Manager of phpBB, it is an added feature. (I spoke to him about this already.) There is no exploit or bug.
Christian Jonassen wrote:
Hmm. Highlighting everything---what's dangerous about that? - Christian NJ On Thu, 15 Jul 2004 16:04:21 -0400, micheal () michealcottingham com <micheal () michealcottingham com> wrote:Actually, I found that it doesn't matter if an SQL query is there or not. Example: http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20* Something like: http://www.example.com/viewtopic.php?t=12345&highlight=bug,* does not work however. There doesn't _appear_ to be any exploit here, though granted I did not check this a great deal. -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ .
Current thread:
- PHP BB bug sasan hezarkhani (Jul 14)
- Re: PHP BB bug Rich Lafferty (Jul 16)
- <Possible follow-ups>
- Re: PHP BB bug micheal () michealcottingham com (Jul 16)
- Message not available
- Re: PHP BB bug Micheal Cottingham (Jul 19)
- Message not available