Bugtraq mailing list archives
Re: Possible phpBB <=2.0.11 bug or sql injection?
From: Exoduks <exoduks () gmail com>
Date: 18 Feb 2005 20:49:05 -0000
In-Reply-To: <20050217095457.23821.qmail () www securityfocus com>
http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf or http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*
I have notice that this only works is php.ini is set like this: ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = On ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off
Current thread:
- Possible phpBB <=2.0.11 bug or sql injection? jtm297 (Feb 17)
- RE: Possible phpBB <=2.0.11 bug or sql injection? Miguel Angel Rodríguez Jódar (Feb 19)
- Re: Possible phpBB <=2.0.11 bug or sql injection? kaosone+[ONE]+ (Feb 19)
- Re: Possible phpBB <=2.0.11 bug or sql injection? Giacomo Rizzo (Feb 19)
- <Possible follow-ups>
- Re: Possible phpBB <=2.0.11 bug or sql injection? Exoduks (Feb 19)