Message-ID: <000701c33634$42a14390$0100a8c0@ark>
Date: Thu, 19 Jun 2003 01:27:37 -0600
From: "Rick" <rikul@...lsouth.net>
To: <vulnwatch@...nwatch.org>
Cc: <bugtraq@...urityfocus.com>
Subject: phpBB password disclosure by sql injection
Hi
There is an SQL injection vuln in phpBB. The variable "topic_id" is passed
directly from GET to the SQL query in /viewtopic.php. It can be used
to get md5 passwords for users. I am attaching details and proof of
concept code. I've only tested this on mysql 4 and pgsql on my home
machines so I might have missed something...
Rick Patel
Download attachment "phpbb_sql.pl" of type "application/octet-stream" (3942 bytes)
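
A defensive counterpart to the bug class reported above, as an added example that is not part of the original message and is not phpBB's code: the request parameter is validated as a positive integer and then bound to a prepared statement instead of being concatenated into the query. The `topics` table and the helpers `demo_db`, `parse_topic_id` and `fetch_topic_title` are hypothetical, and an in-memory SQLite database via PDO stands in for the MySQL and PostgreSQL back ends mentioned in the post.

```php
<?php
declare(strict_types=1);

// Constructed, in-memory stand-in for a forum database (hypothetical schema).
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO topics VALUES (1, 'Welcome'), (2, 'Rules')");
    return $db;
}

// Pattern described in the post, kept as a comment only:
//   $sql = "SELECT title FROM topics WHERE topic_id = " . $_GET['topic_id'];

// Layer 1: accept only a positive decimal integer; reject everything else.
function parse_topic_id($raw): ?int
{
    if (!is_string($raw)) {   // missing parameter or array form (?topic_id[]=1)
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Layer 2: bind the value so it can never become part of the SQL text.
function fetch_topic_title(PDO $db, $raw): ?string
{
    $id = parse_topic_id($raw);
    if ($id === null) {
        return null;          // caller should answer with HTTP 400
    }
    $stmt = $db->prepare('SELECT title FROM topics WHERE topic_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

$db = demo_db();
// Constructed inputs: a valid id, an unknown id, and values that are not integers.
foreach (['2', '999', '2 abc', '0x02', '-1', ''] as $input) {
    var_dump($input, fetch_topic_title($db, $input));
}
```

Either layer alone blocks this input path; keeping both means a later refactor that drops the validation still leaves the query parameterized.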