Re: Re: phpBB 2.06 search.php SQL injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: phpBB 2.06 search.php SQL injection
From: fritz-li@xxxxxxxxxxxxxxx
Date: 28 Mar 2006 21:57:24 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

My phpBB is 2.06, however, when I implement the script to test the 
vulnerability of my site, there is no result coming out, is that means that my 
website is OK?

Besides, what do we need to change of the value of these serizable string in 
order to make it work?

What is the difference between "a:1:{s:0:"";s:4:"test";}" 
and";a:1:{i:0;s:8:"aaaaaa";}s:7:"s??

Cheers

Prev by Date: Re: Sudo tricks
Next by Date: PhxContacts <= 0.93.1 beta Multiple SQL injection & xss
Previous by thread: Re: phpBB 2.06 search.php SQL injection
Next by thread: Re: Re: Re: phpBB 2.06 search.php SQL injection
Index(es):
- Date
- Thread