phpBB password disclosure by sql injection

From: Rick (rikulbellsouth.net)
Date: Thu Jun 19 2003 - 02:27:37 CDT


Hi

There is an SQL injection vuln in phpBB. The variable "topic_id" is passed
directly from GET to the SQL query in /viewtopic.php. It can be used
to get md5 passwords for users. I am attaching details and proof of
concept code. I've only tested this on mysql 4 and pgsql on my home
machines so I might have missed something...

Rick Patel
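
The mitigation for the flaw class described in this post, as an added example that is not part of the original message or of phpBB's code: validate the GET value as a positive integer and bind it as a parameter instead of concatenating it into the query. The table and column names and the helpers `parse_topic_id` and `fetch_topic` are hypothetical, and the request values are constructed.

```php
<?php
// Added example. example_topics and its columns are hypothetical placeholders,
// not phpBB's schema; an in-memory SQLite database keeps the script offline.

// Return the id as a positive int, or null unless the raw value is a plain
// decimal number. Rejects arrays (?topic_id[]=1), signs, whitespace,
// trailing text, leading zeros and values that overflow int.
function parse_topic_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look the topic up with a bound integer parameter.
function fetch_topic(PDO $db, ?int $topic_id): ?array
{
    if ($topic_id === null) {
        return null;
    }
    // Pattern the post describes (unsafe): the GET value is concatenated
    // straight into the SQL text, e.g. "... WHERE topic_id = " . $_GET['topic_id']
    $stmt = $db->prepare('SELECT topic_id, title FROM example_topics WHERE topic_id = :id');
    $stmt->bindValue(':id', $topic_id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE example_topics (topic_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO example_topics VALUES (1, 'Welcome'), (2, 'Rules')");

// Constructed values standing in for $_GET['topic_id'].
$samples = ['2', '2 trailing text', '-1', '', ['2'], '99999999999999999999'];
foreach ($samples as $raw) {
    $row = fetch_topic($db, parse_topic_id($raw));
    printf("%-26s => %s\n", json_encode($raw), $row ? $row['title'] : 'rejected');
}
```

Only the first sample reaches the database; every other value is rejected before a statement is prepared.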