SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and previous versions allows remote malicious users to steal password hashes via the topic_id parameter.
#!/usr/bin/perl -w
#
#
# phpBB password disclosure vuln
# - rick patel
#
# There is a sql injection vuln which exists in the /viewtopic.php file. The variable is $topic_id,
# which gets passed directly to the sql server in a query. An attacker could pass a special sql string which
# can be used to see the md5 password hash for any user (!) for phpBB. This pass can be ...
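
For defenders reviewing web server logs for this issue, the following is an added example (not part of the original advisory or the script above) that flags viewtopic.php requests whose topic_id is not a plain integer. It assumes combined-format access logs with the parameter in the query string; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter name as given in the advisory; adjust if your deployment maps it differently.
PARAMS = ("topic_id",)
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Constructed sample lines (combined log format); not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/viewtopic.php?topic_id=42 HTTP/1.1" 200 5120
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/viewtopic.php?topic_id=42%27 HTTP/1.1" 200 912
192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/viewtopic.php?topic_id=-1%20UNION%20SELECT%20NULL HTTP/1.1" 200 877
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /forum/index.php?topic_id=abc HTTP/1.1" 200 300
192.0.2.31 - - [01/Jan/2024:10:00:20 +0000] "GET /forum/viewtopic.php?topic_id=7&topic_id=7%20OR%201 HTTP/1.1" 200 640
"""

def suspicious_values(target, params=PARAMS):
    """Return values of the watched parameters that are not plain decimal integers."""
    url = urlsplit(target)
    if not url.path.lower().endswith("/viewtopic.php"):
        return []  # only the script named in the advisory is of interest
    query = parse_qs(url.query, keep_blank_values=True)  # URL-decodes each value
    # A legitimate topic id is digits only; anything else reached the SQL query unfiltered.
    return [v for p in params for v in query.get(p, []) if not re.fullmatch(r"[0-9]+", v)]

def scan(log_text, params=PARAMS):
    """Return a list of (client_ip, bad_values) for requests carrying a non-integer id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        bad = suspicious_values(m.group(2), params)
        if bad:
            hits.append((m.group(1), bad))
    return hits

if __name__ == "__main__":
    for ip, values in scan(SAMPLE_LOG):
        print(ip, values)
```

Values sent in a POST body do not appear in access logs, so this check only covers the query string.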