CVE-2003-1215

SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sqlin parameter...

phpBB 2.0.6 - 'privmsg.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in...

phpBB 2.0.6 - search_id SQL Injection MD5 Hash

phpBB 2.0.6 - searchid SQL Injection MD5 Hash !/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for...

phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash

!/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for user with id=2 is:...