{"id":585,"date":"2003-12-05T14:30:40","date_gmt":"2003-12-05T12:30:40","guid":{"rendered":"\/\/?p="},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T23:00:00","slug":"phpbb-search-sql-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/","title":{"rendered":"phpBB Search SQL Injection Vulnerability"},"content":{"rendered":"<p>phpBB Search SQL Injection Vulnerability<\/p>\n<blockquote><p>Description: A vulnerability has been reported to exist in search<br \/>\nfunctionality that may allow a remote user to inject potentially<br \/>\nmalicious SQL commands into database queries.<\/p>\n<p>Ref: <a href=\"http:\/\/www.securityfocus.com\/archive\/1\/345872\">http:\/\/www.securityfocus.com\/archive\/1\/345872<\/a><\/p><\/blockquote>\n<p>ciuaz<\/p>\n","protected":false},"excerpt":{"rendered":"<p>phpBB Search SQL Injection Vulnerability Description: A vulnerability has been reported to exist in search functionality that may allow a remote user to inject potentially malicious SQL commands into database queries. Ref: http:\/\/www.securityfocus.com\/archive\/1\/345872 ciuaz<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5],"tags":[],"class_list":["post-585","post","type-post","status-publish","format-standard","hentry","category-tecnologia"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>phpBB Search SQL Injection Vulnerability - Fullo<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"phpBB Search SQL Injection Vulnerability - Fullo\" \/>\n<meta property=\"og:description\" content=\"phpBB Search SQL Injection Vulnerability Description: A vulnerability has been reported to exist in search functionality that may allow a remote user to inject potentially malicious SQL commands into database queries. Ref: http:\/\/www.securityfocus.com\/archive\/1\/345872 ciuaz\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Fullo\" \/>\n<meta property=\"article:published_time\" content=\"2003-12-05T12:30:40+00:00\" \/>\n<meta name=\"author\" content=\"Francesco Fullone\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@fullo\" \/>\n<meta name=\"twitter:site\" content=\"@fullo\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesco Fullone\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/\"},\"author\":{\"name\":\"Francesco Fullone\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"headline\":\"phpBB Search SQL Injection Vulnerability\",\"datePublished\":\"2003-12-05T12:30:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/\"},\"wordCount\":43,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"articleSection\":[\"tecnologia\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/\",\"name\":\"phpBB Search SQL Injection Vulnerability - Fullo\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\"},\"datePublished\":\"2003-12-05T12:30:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2003\\\/12\\\/05\\\/phpbb-search-sql-injection-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"phpBB Search SQL Injection Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\",\"name\":\"Fullo\",\"description\":\"nulla e&#039; impossibile per chi non lo deve fare!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\",\"name\":\"Francesco Fullone\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"width\":622,\"height\":622,\"caption\":\"Francesco Fullone\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/www.fullo.net\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/fullo\",\"https:\\\/\\\/x.com\\\/fullo\"],\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/author\\\/fullo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"phpBB Search SQL Injection Vulnerability - Fullo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"phpBB Search SQL Injection Vulnerability - Fullo","og_description":"phpBB Search SQL Injection Vulnerability Description: A vulnerability has been reported to exist in search functionality that may allow a remote user to inject potentially malicious SQL commands into database queries. Ref: http:\/\/www.securityfocus.com\/archive\/1\/345872 ciuaz","og_url":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/","og_site_name":"Fullo","article_published_time":"2003-12-05T12:30:40+00:00","author":"Francesco Fullone","twitter_card":"summary_large_image","twitter_creator":"@fullo","twitter_site":"@fullo","twitter_misc":{"Written by":"Francesco Fullone"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/"},"author":{"name":"Francesco Fullone","@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"headline":"phpBB Search SQL Injection Vulnerability","datePublished":"2003-12-05T12:30:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/"},"wordCount":43,"commentCount":0,"publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"articleSection":["tecnologia"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/","url":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/","name":"phpBB Search SQL Injection Vulnerability - Fullo","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/#website"},"datePublished":"2003-12-05T12:30:40+00:00","breadcrumb":{"@id":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fullo.net\/blog\/2003\/12\/05\/phpbb-search-sql-injection-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fullo.net\/blog\/"},{"@type":"ListItem","position":2,"name":"phpBB Search SQL Injection Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.fullo.net\/blog\/#website","url":"https:\/\/www.fullo.net\/blog\/","name":"Fullo","description":"nulla e&#039; impossibile per chi non lo deve fare!","publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fullo.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c","name":"Francesco Fullone","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","width":622,"height":622,"caption":"Francesco Fullone"},"logo":{"@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1"},"sameAs":["http:\/\/www.fullo.net","https:\/\/www.linkedin.com\/in\/fullo","https:\/\/x.com\/fullo"],"url":"https:\/\/www.fullo.net\/blog\/author\/fullo\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3OSc1-9r","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":1680,"url":"https:\/\/www.fullo.net\/blog\/2005\/10\/05\/sql-designer\/","url_meta":{"origin":585,"position":0},"title":"SQL Designer","author":"Francesco Fullone","date":"05\/10\/2005","format":false,"excerpt":"SQL Designer \u00e8 un'applicazione ajax enabled che serve a disegnare schemi ER. Con questo script \u00e8 possibile creare nuove tabelle, foreign key, aggiungere e rimuovere campi dalle tabelle come se nulla fosse e con un'interfaccia grafica pulita e molto semplice da usare. Inoltre le relazioni sono controllate e se viene\u2026","rel":"","context":"In &quot;ajax&quot;","block_context":{"text":"ajax","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/ajax\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2363,"url":"https:\/\/www.fullo.net\/blog\/2007\/11\/09\/sviluppatore-plsql-needed\/","url_meta":{"origin":585,"position":1},"title":"Sviluppatore PL\/SQL needed","author":"Francesco Fullone","date":"09\/11\/2007","format":false,"excerpt":"Mucio cerca disperatamente uno sviluppatore PL\/SQL in zona Bologna, la paga pare buona ed anche le prospettive di crescita. Se siete interessati a cambiare lavoro o se ne state cercando uno a Bologna non esitate a contattare Mucio (e non me)! ciuaz","rel":"","context":"In &quot;altri linguaggi&quot;","block_context":{"text":"altri linguaggi","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/altri-linguaggi\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1929,"url":"https:\/\/www.fullo.net\/blog\/2006\/04\/19\/qualche-problema-per-slimstat\/","url_meta":{"origin":585,"position":2},"title":"Qualche problema per SlimStat","author":"Francesco Fullone","date":"19\/04\/2006","format":false,"excerpt":"Mi scrive oggi il support di Dreamhost dicendomi che hanno dovuto metter mano al mio db in quanto alcune tabelle (da oltre 116k recond) ne inficiavano le performance. Il problema pare dipenda da SlimStat, che quindi per un pochino disattiver\u00f2. A seguire la lettera che mi \u00e8 giunta dal support\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":687,"url":"https:\/\/www.fullo.net\/blog\/2004\/01\/27\/phplinks-varie\/","url_meta":{"origin":585,"position":3},"title":"php::Links( &#8216; varie &#8216;);","author":"Francesco Fullone","date":"27\/01\/2004","format":false,"excerpt":"se utilizzate phpWiki e vi state chiedendo come si fa ad far si che un utente possa fare l'upload di un file la soluzione \u00e8 nel wiki di mvandam \u00e8 stata finalmente rilasciata la release 1.0 di phpiCalendar, il software per la pubblicazione su web dei calendari personali. Tra le\u2026","rel":"","context":"In &quot;tecnologia&quot;","block_context":{"text":"tecnologia","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2187,"url":"https:\/\/www.fullo.net\/blog\/2007\/01\/11\/in-arrivo-wordpress-207\/","url_meta":{"origin":585,"position":4},"title":"In arrivo WordPress 2.0.7","author":"Francesco Fullone","date":"11\/01\/2007","format":false,"excerpt":"Se vi state chiedendo perch\u00e8 \u00e8 stata pubblicata oggi l'url della prima seconda release candidate di WordPress 2.0.7, la risposta \u00e8 semplice. E' stato identificato un baco di sicurezza riguardante alcune configurazione (non rare) di virtual hosting. Tra i cambiamenti: worked around a PHP bug for PHP4 < 4.4.3 and\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1239,"url":"https:\/\/www.fullo.net\/blog\/2005\/01\/26\/sydi\/","url_meta":{"origin":585,"position":5},"title":"SYDI","author":"Francesco Fullone","date":"26\/01\/2005","format":false,"excerpt":"se dovete produrre della documentazione sui vostri server provate SYDI, \u00e8 veramente comodo! SYDI is a collection of Vbscripts to help people get started with the documentation process. What it can do is to collect information from a Windows Server (SYDI-Server) or a MS SQL Server (SYDI-SQL) and present its\u2026","rel":"","context":"In &quot;tecnologia&quot;","block_context":{"text":"tecnologia","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/comments?post=585"}],"version-history":[{"count":0,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/585\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/media?parent=585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/categories?post=585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/tags?post=585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}