Re: Possible phpBB <=2.0.11 bug or sql injection?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Possible phpBB <=2.0.11 bug or sql injection?
From: Giacomo Rizzo <a_l_t_o_s@xxxxxxxx>
Date: Fri, 18 Feb 2005 10:02:47 +0100
In-reply-to: <20050217095457.23821.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050217095457.23821.qmail@xxxxxxxxxxxxxxxxxxxxx>

It does not seems to be a SQL injection vulnerability. In fact, it just
looks like a wrong replacement, but it's confined into the 'string'.

Actually the real problem is that this error, when debug mode is active,
make anyone discover the $prefix value, that should be kept secret in
case of blind sql injections...

Gacomo
-- 
#                    @@@
#                   (0 0)
=================ooO=(_)=Ooo=======================================
# Nome: Giacomo Rizzo [ aka: alt-os ] - http://www.free-os.it
# OS: Gnu (Slackware 10.0/Linux 2.6.7)
# --
# Coordinatore HANC (http://www.hancproject.org)
# Coordinatore POuL (http://www.poul.org)
# --
# Linux Registered User: #331781, Linux Registered Machine: #216123
===================================================================

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- Possible phpBB <=2.0.11 bug or sql injection?
  - From: jtm297

Prev by Date: Re: Dangers of discarding duplicated messages
Next by Date: Re: Dangers of discarding duplicated messages
Previous by thread: Re: Possible phpBB <=2.0.11 bug or sql injection?
Next by thread: Re: Possible phpBB <=2.0.11 bug or sql injection?
Index(es):
- Date
- Thread