[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PHP BB bug

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHP BB bug
From: "micheal@xxxxxxxxxxxxxxxxxxxxx" <micheal@xxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 15 Jul 2004 16:04:21 -0400

Actually, I found that it doesn't matter if an SQL query is there or not.

Example:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*

Something like:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,*

does not work however. There doesn't _appear_ to be any exploit here,
though granted I did not check this a great deal.



--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

Prev by Date: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
Next by Date: [waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2]
Previous by thread: Re: PHP BB bug
Next by thread: Re: PHP BB bug
Index(es):
- Date
- Thread