|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Possible phpBB <=2.0.11 bug or sql injection?
jtm297
optonline.net
Date: Thu Feb 17 2005 - 03:54:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Since phpbb's website says not to post it on their forum, I guess I'll post my findings here.
http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf
or
http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*\
It seems it has something to do with the the \'s *'s and length. I am not sure if this is a big bug but I decided to try that after looking at search.php
************************************************
$search_author = str_replace('*', '%', trim($search_author));
$sql = "SELECT user_id
FROM " . USERS_TABLE . "
WHERE username LIKE '" . str_replace("\'", "''", $search_author) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain list of matching users (searching for: $search_author)", "", __LINE__, __FILE__, $sql);
}
*********************************************
Not sure if this is anything, but it seems to be running in the sql and erroring.
Thanks for your time,
jtm
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]