As per the Project Manager of phpBB, it is an added feature. (I spoke to
him about this already.) There is no exploit or bug.
Christian Jonassen wrote:
Hmm.
Highlighting everything---what's dangerous about that?
- Christian NJ
On Thu, 15 Jul 2004 16:04:21 -0400, micheal@xxxxxxxxxxxxxxxxxxxxx
<micheal@xxxxxxxxxxxxxxxxxxxxx> wrote:
Actually, I found that it doesn't matter if an SQL query is there or not.
Example:
http://www.example.com/viewtopic.php?t=12345&highlight=bug,%20*
Something like:
http://www.example.com/viewtopic.php?t=12345&highlight=bug,*
does not work however. There doesn't _appear_ to be any exploit here,
though granted I did not check this a great deal.
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
