Bugtraq mailing list archives
Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions]
From: JeiAr <security () gulftech org>
Date: 26 Mar 2004 19:30:14 -0000
In-Reply-To: <20040326172740.5558.qmail () www securityfocus com> Nice find, Confirmed on phpBB 2.0.8 :) What I did as a quick fix was to declare $pm_sql_user empty before it is declared with the proper data. That way it (hopefully) will not pass any values recieved from outside of the script to the query. For example, wherever I see this. $pm_sql_user .= "blah blah blah query info here" I add this before it $pm_sql_user = ''; I have not had much time to look into the code as a whole, but the fix seems to work fine. Maybe some of you have better ideas? ;) BTW, in a way I don't blame you for not informing phpBB (I am assuming you didn't) After the greif I was given for trying to help with the last vuln I reported to them I doubt I will give them advanced warning in the future. Who knows. Best Regards, JeiAr GulfTech Security Research
From: Janek Vind <come2waraxe () yahoo com> To: bugtraq () securityfocus com Subject: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions]
Current thread:
- Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions] JeiAr (Mar 26)
- <Possible follow-ups>
- Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions] Benjamin Tolman (Mar 29)