0 Replies - 2481 Views - Last Post: 04 December 2003 - 12:19 PM Rate Topic: -----

#1 cyberscribe  Icon User is offline

  • humble.genius
  • member icon

Reputation: 10
  • View blog
  • Posts: 1,062
  • Joined: 05-May 02

Phpbb Bulletin Board Search.php Sql Injectio

Posted 04 December 2003 - 12:19 PM

Released from SANS yesterday:

phpBB Bulletin Board search.php SQL Injection

Affected Products:
phpBB version 2.06

phpBB is a popular open source bulletin board software which integrates
with multiple backend databases. The "search.php" script included with
the phpBB software contains a SQL injection vulnerability. The problem
arises due to lack of sanitization of user input to the script's
"search_id" parameter, allowing a malicious user to manipulate SQL
queries issued against the backend database. For instance, the
vulnerability can be exploited to extract the password hashes from the
database that can lead to administrative access to the bulletin board.
A proof-of-concept exploit has been posted.

Status: Vendor confirmed, a patch is available.

Council Site Actions:
The affected software is not in production or widespread use at any of
the council sites. They reported that no action was necessary.
Postings by Niels Teusink (discovered the bug)

Postings by Hat-Squad Security Team (Proof-of-Concept Exploit)

Vendor Released Patch


SecurityFocus BID

This post has been edited by cyberscribe: 04 December 2003 - 12:20 PM

Is This A Good Question/Topic? 0
  • +

Page 1 of 1