From: Sönke
To: security curmudgeon
Date: Tue, 06 Jun 2006 14:10:26 +0200
Subject: Re: Wrong information

Concerning: smartor photo album
http://www.osvdb.org/15933
and: http://www.osvdb.org/15932

Hello Brian..

I have been taking care of the Photo Album Mod (PA) by Smartor for some time now. I also am involved in the development of the Full Album Pack, a compilation of the major Add-ons for the PA ready to run, and I've played with the phpBB-code a good lot. I think I've got at least the most common hacks for the PA in my archives and looked into them.

I just searched the whole phpBB-directory (including phpBB itself and some packages like phpBB plus and phpBB XS with all their respective releases of the last three years) for any occurrence of "bsid" (regardless of upper or lower case) in the code of the whole dir... and found nothing.

Thus I'm pretty sure that there has to be a mistake somehow. Taking into consideration that in all the time I've been at Smartor's I have never heard of a security breach due to the album, apart from inquiries concerning the entries in your DB, I am sure that removing the entry from your DB is a safe thing.

Thank you again for the work you put into the maintenance of this project...

Regards
Minc