[35742] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: PHP BB bug

daemon@ATHENA.MIT.EDU (micheal@michealcottingham.com)
Fri Jul 16 20:58:17 2004

Message-ID: <257320-22004741520421698@M2W059.mail2web.com>
Reply-To: webmaster@michealcottingham.com
From: "micheal@michealcottingham.com" <micheal@michealcottingham.com>
To: bugtraq@securityfocus.com
Date: Thu, 15 Jul 2004 16:04:21 -0400
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Actually, I found that it doesn't matter if an SQL query is there or not.

Example:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*

Something like:

http://www.example.com/viewtopic.php?t=12345&highlight=bug,*

does not work however. There doesn't _appear_ to be any exploit here,
though granted I did not check this a great deal.



--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[35742] in bugtraq

Re: PHP BB bug

daemon@ATHENA.MIT.EDU (micheal@michealcottingham.com)Fri Jul 16 20:58:17 2004

daemon@ATHENA.MIT.EDU (micheal@michealcottingham.com)
Fri Jul 16 20:58:17 2004