<<< Date Index >>>     <<< Thread Index >>>

Re: Possible phpBB <=2.0.11 bug or sql injection?



It does not seems to be a SQL injection vulnerability. In fact, it just
looks like a wrong replacement, but it's confined into the 'string'.

Actually the real problem is that this error, when debug mode is active,
make anyone discover the $prefix value, that should be kept secret in
case of blind sql injections...

Gacomo
-- 
#                    @@@
#                   (0 0)
=================ooO=(_)=Ooo=======================================
# Nome: Giacomo Rizzo [ aka: alt-os ] - http://www.free-os.it
# OS: Gnu (Slackware 10.0/Linux 2.6.7)
# --
# Coordinatore HANC (http://www.hancproject.org)
# Coordinatore POuL (http://www.poul.org)
# --
# Linux Registered User: #331781, Linux Registered Machine: #216123
===================================================================

Attachment: signature.asc
Description: This is a digitally signed message part