|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Possible phpBB <=2.0.11 bug or sql injection?
From: Exoduks (exoduks
gmail.com)
Date: Fri Feb 18 2005 - 14:49:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In-Reply-To: <20050217095457.23821.qmailwww.securityfocus.com>
>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf
>
>or
>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*
I have notice that this only works is php.ini is set like this:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]