Re: phpBB "charts.php" XSS and SQL-Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpBB "charts.php" XSS and SQL-Injection
From: g30rg3x@xxxxxxxxx
Date: 12 May 2006 04:08:07 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This Advisorie is incorrect its not a phpBB security flaw, its a MOD of phpBB 
called "Charts MOD".

That allows users to vote, rate music and related stuff..
url: http://www.phpbb2.de/dload.php?action=file&file_id=670

so please review and correct your advisorie...

grettings from mexico

g30rg3_x

Prev by Date: PHPBB 2.0.20 persistent issues with avatars
Next by Date: RE: Oracle - the last word
Previous by thread: phpBB "charts.php" XSS and SQL-Injection
Next by thread: Re: phpBB "charts.php" XSS and SQL-Injection
Index(es):
- Date
- Thread