| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Jul 2004 14:03:44 -0400 From: Micheal Cottingham <webmaster@...healcottingham.com> To: Christian Jonassen <flyrev@...il.com> Cc: bugtraq@...urityfocus.com Subject: Re: PHP BB bug As per the Project Manager of phpBB, it is an added feature. (I spoke to him about this already.) There is no exploit or bug. Christian Jonassen wrote: >Hmm. > >Highlighting everything---what's dangerous about that? > > - Christian NJ > >On Thu, 15 Jul 2004 16:04:21 -0400, micheal@...healcottingham.com ><micheal@...healcottingham.com> wrote: > > >>Actually, I found that it doesn't matter if an SQL query is there or not. >> >>Example: >> >>http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20* >> >>Something like: >> >>http://www.example.com/viewtopic.php?t=12345&highlight=bug,* >> >>does not work however. There doesn't _appear_ to be any exploit here, >>though granted I did not check this a great deal. >> >>-------------------------------------------------------------------- >>mail2web - Check your email from the web at >>http://mail2web.com/ . >> >> >> >> > > >
Powered by blists - more mailing lists