Short Name | HTTP:PHP:PHPBB:SEARCH-INJECT |
---|---|
Severity | Minor |
Recommended | No |
Category | HTTP |
Keywords | phpBB search_id SQL Injection |
Release Date | 2003/12/03 |
Update Number | 1213 |
Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in phpBB, an open-source bulletin board package. The search_id parameter in phpBB is vulnerable to SQL injection. Attackers can query private data (such as hashed passwords) and then embed the password in a cookie to gain administrative access to the Web site.

It has been reported that phpBB may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database. phpBB version 2.06 has been prone to this issue; however, other versions may be affected as well.