<<< Date Index >>>     <<< Thread Index >>>

Re: Possible phpBB <=2.0.11 bug or sql injection?



In-Reply-To: <20050217095457.23821.qmail@xxxxxxxxxxxxxxxxxxxxx>

>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf
>
>or
>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*

I have notice that this only works is php.ini is set like this:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off