<<< Date Index >>>     <<< Thread Index >>>

Re: PHP BB bug



As per the Project Manager of phpBB, it is an added feature. (I spoke to him about this already.) There is no exploit or bug.

Christian Jonassen wrote:

Hmm.

Highlighting everything---what's dangerous about that?

- Christian NJ

On Thu, 15 Jul 2004 16:04:21 -0400, micheal@xxxxxxxxxxxxxxxxxxxxx
<micheal@xxxxxxxxxxxxxxxxxxxxx> wrote:
Actually, I found that it doesn't matter if an SQL query is there or not.

Example:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*

Something like:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,*

does not work however. There doesn't _appear_ to be any exploit here,
though granted I did not check this a great deal.

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .