Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Sun, 22 May 2005 14:58:48 -0400 (EDT)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


http://archives.neohapsis.com/archives/bugtraq/2005-04/0190.html

On April 13, 2005, Diabolic Crab reported several vulnerabilities in phpBBPlus and other modules. From the post:


: Photo Album v2.0.53
:
: http://localhost/album_search.php?mode='SQL_INJECTION&search=dcrab
: SQL INJECTION

Looking at the vendor site [1], you can download the 2.0.53 version ofthis module (album_v2053.zip) and browse the files included. There is no"album_search.php" in it. This was confirmed by Smartor (the vendor) onMay 22, 2005.



Brian
OSVDB.org



[1] http://smartor.is-root.com/viewtopic.php?t=3021

Prev by Date: Re: PowerLink WAN Aggregator - Vunerability
Next by Date: Meteor FTP Server: PoC Exploit
Previous by thread: Re: PowerLink WAN Aggregator - Vunerability
Next by thread: Meteor FTP Server: PoC Exploit
Index(es):
- Date
- Thread