Re: Re: Re: phpBB 2.06 search.php SQL injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Re: phpBB 2.06 search.php SQL injection
From: theguywhocouldwipeyourphpBB@xxxxxxxxxxxxxxxxxxxxxxxxxx
Date: 29 Mar 2006 18:28:24 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Using 2.06 is a guaranteed ticket to your web site being hacked.  phpBB is at 
2.19 at the moment and there have been major security flaws found in each 
previous version - including 2.06

Patch your 2.06 up to 2.19 or die... because there are bots out there that are 
looking for lazy web admins who didn't upgrade.  But then again maybe you don't 
care if your 2.06 gets wiped out, your user database gets 'oWn3d' or if your 
server is already under their command and control.

Stop wasting time asking silly questions and get on with the business of 
properly securing your phpBB.   Zoneh.org is full of phpBB web sites that were 
too lazy or slow to upgrade.

Prev by Date: Re: Mis-diagnosed XSS bugs hiding worse issues due to PHP feature
Next by Date: DoS-ing sysklogd?
Previous by thread: Re: Re: phpBB 2.06 search.php SQL injection
Next by thread: [ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
Index(es):
- Date
- Thread