GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   SECURITY WARNING: Anyone using phpBB? (https://gfy.com/showthread.php?t=204380)

swedguy 12-03-2003 07:00 PM
SECURITY WARNING: Anyone using phpBB?
 
http://www.securityfocus.com/bid/9122

Quote:
It has been reported that phpBB may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database.

phpBB version 2.06 has been prone to this issue, however other versions may be affected as well.

ThePornPusher 12-03-2003 08:14 PM
Thanks for the heads up...:thumbsup

dirtysouth 12-03-2003 08:16 PM
Thanks! :mad:

extreme 12-03-2003 08:57 PM
open search.php, line ~685:

Replace
Code:
if ( intval($search_id) )
      {
        $sql = "SELECT search_array
            FROM " . SEARCH_TABLE . "
            WHERE search_id = $search_id
              AND session_id = '". $userdata['session_id'] . "'";
with

Code:
$search_id = intval($search_id);
      if ( $search_id )
      {
        $sql = "SELECT search_array
            FROM " . SEARCH_TABLE . "
            WHERE search_id = $search_id
              AND session_id = '". $userdata['session_id'] . "'";
Info from a trusted source, phpbbs own site: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=153818

swedguy 12-04-2003 12:05 PM
a last bump

ZoiNk 12-04-2003 12:18 PM
A lot of ppl use that, hope everyone gets their fixed fast.
*mini bump*
ZoiNk

davvve 12-04-2003 12:22 PM
Thanks for letting us know!

 Smokey The Bear  12-04-2003 02:38 PM
:thumbsup :)


All times are GMT -7. The time now is 03:30 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123