Posts by author: Dr. Johannes Dahse

phpBB 2.0.23 - From Variable Tampering to SQL Injection

7 min read 13 Dec 2016 by Johannes Dahse
In our 12th advent calendar gift, we would like to cover an exciting SQL injection in phpBB2. Although phpBB2 was replaced by its successor phpBB3, it is still one of the most popular bulletin boards. RIPS detected a less severe but very beautiful SQL injection vulnerability that is based on a PHP quirk, which we will examine in detail in this post.

Introducing the RIPS analysis engine

10 min read 4 Dec 2016 by Johannes Dahse
In today’s post, we would like to share some insights into our static code analysis engine RIPS, which detected the security bugs described in the previous and upcoming calendar gifts. The engine has a long history and went through several generations before reaching its current performance. What does it actually do in the few seconds between your click on the scan button and the moment the first vulnerability report pops up?