ID: 30854 Updated by: [EMAIL PROTECTED] Reported By: zsak at gmx dot de Status: Bogus Bug Type: MySQL related -Operating System: Irrelevant +Operating System: * -PHP Version: Irrelevant +PHP Version: * New Comment:
Any script language can be exploitet if the app writers do not verify incoming data correctly. That said it is unlikely that PHP has a problem but instead it is most likely that those apps do not verify data themselves. Maybe they rely on magic quotes runtime which they shouldn't. And maybe the user found a way to use that fact... Previous Comments: ------------------------------------------------------------------------ [2004-11-21 13:18:23] zsak at gmx dot de It�s NOT a phpBB Problem! As I said, WBB and IBP have the same problem. Please think about the problem! There is one! ------------------------------------------------------------------------ [2004-11-21 13:12:44] [EMAIL PROTECTED] Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. It's phpBB problem. ------------------------------------------------------------------------ [2004-11-21 13:11:24] zsak at gmx dot de Description: ------------ I have a phpBB on my Webspace and 3 of my Friends have wBB, VB and IBP. I know a user(Nickname: gonzo), who says, he can access the whole Database over a PHP-Exploit. He knows all the secure (hidden) data of our Boards. Because we all use different Board-Versions it can�t be a Board-Exploit. Sorry, I don�t have more information, because the user doesn�t want to say, how the exploit works. The only thing I know is, that he knows the hidden data of our boards and therefore there must be a bug in PHP! ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30854&edit=1
