phpBB 2.0.23 - From Variable Tampering to SQL Injection

13 Dec 2016 by Johannes Dahse

phpBB

In our 12th advent calendar gift, we would like to cover an exciting SQL injection in phpBB2. Although phpBB2 was replaced by its successor phpBB3, it is still one of the most popular bulletin boards. RIPS detected a less severe but very beautiful SQL injection vulnerability that bases on a PHP quirk we will examine in detail in this post.

Read More ...