After a little break and multiple tasks to do, few minutes ago I found one surprise
in latest phpBB3.
This is 'so called' sql-information-leak via parameter manipulation (related to SQL).
I will not public full information today, because maybe some of You want to test Your installations before.
If so - let me know. Maybe I should help with full webapp pentest.
* updated 10:11 *
- Found second vulnerable parameter :)
* updated 28.07 *
- another two parameters are vulnerable
* updated 31.08 *Detailed story once again at PacketStorm.
Cheers ;) o/